Your submission was sent successfully! Close

CVE-2009-0196

Published: 16 April 2009

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

Notes

AuthorNote
mdeslaur
Secunia advisory SA34292
Priority

Medium

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (8.61.dfsg.1-1ubuntu3.2)
intrepid
Released (8.63.dfsg.1-0ubuntu6.4)
jaunty
Released (8.64.dfsg.1-0ubuntu8)
karmic
Released (8.64.dfsg.1-0ubuntu8)
upstream Needs triage

gs-afpl
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

gs-esp
Launchpad, Ubuntu, Debian
dapper
Released (8.15.2.dfsg.0ubuntu1-0ubuntu1.2)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

gs-gpl
Launchpad, Ubuntu, Debian
dapper
Released (8.15-4ubuntu3.3)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage