Summary
Ghostscript is installed on this host and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application and can cause a denial of service.
Impact Level: Application
Solution
Upgrade to Ghostscript version 8.71 or later.
For updates, refer to http://ghostscript.com/releases/
Insight
These flaws are due to:
- a boundary error in jbig2_symbol_dict.c in the JBIG2 decoding library (jbig2dec) when decoding JBIG2 symbol dictionary segments.
- multiple integer overflows in icc.c in the ICC Format library when processing malformed PDF and PostScript files with embedded images.
Affected
Ghostscript version 8.64 and prior on Windows.
References
Severity
Classification
- CVE: CVE-2009-0196, CVE-2009-0792
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- ALLMediaServer Request Handling Buffer Overflow Vulnerability
- Becky! Internet Mail Buffer Overflow Vulnerability
- Adobe Reader/Acrobat Multimedia Doc.media.newPlayer Code Execution Vulnerability (Win)
- Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
- Buffer Overflow Vulnerability in Adobe Reader (Linux)