CVE-2009-0196

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

Published: Apr 16, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0196
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
ghostscript / ghostscript	8.60	8.60.x
ghostscript / ghostscript	7.07	7.07.x
ghostscript / ghostscript	-	-
ghostscript / ghostscript	8.62	8.62.x
ghostscript / ghostscript	8.57	8.57.x
ghostscript / ghostscript	8.54	8.54.x
ghostscript / ghostscript	-	8.64.x
ghostscript / ghostscript	5.50	5.50.x
ghostscript / ghostscript	8.15	8.15.x
ghostscript / ghostscript	8.56	8.56.x
ghostscript / ghostscript	8.15.2	8.15.2.x
ghostscript / ghostscript	8.0.1	8.0.1.x
ghostscript / ghostscript	8.61	8.61.x
ghostscript / ghostscript	8.63	8.63.x

Vulnerability Database

289,599

CVE-2009-0196