|
|
Log in / Subscribe / Register

ghostscript: code execution

Package(s):ghostscript CVE #(s):CVE-2009-3743
Created:January 4, 2012 Updated:February 6, 2012
Description: From the CVE entry: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.
Alerts:
Gentoo 201412-17 ghostscript-gpl 2014-12-13
Oracle ELSA-2012-0095 ghostscript 2012-02-03
Oracle ELSA-2012-0095 ghostscript 2012-02-03
Scientific Linux SL-ghos-20120203 ghostscript 2012-02-03
CentOS CESA-2012:0095 ghostscript 2012-02-03
CentOS CESA-2012:0095 ghostscript 2012-02-03
Red Hat RHSA-2012:0095-01 ghostscript 2012-02-02
Ubuntu USN-1317-1 ghostscript 2012-01-04
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds