Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-0196

Disclosure Date: April 16, 2009
CVE-2009-0196
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • ghostscript

Products

  • ghostscript,
  • ghostscript 0,
  • ghostscript 5.50,
  • ghostscript 7.07,
  • ghostscript 8.0.1,
  • ghostscript 8.15,
  • ghostscript 8.15.2,
  • ghostscript 8.54,
  • ghostscript 8.56,
  • ghostscript 8.57,
  • ghostscript 8.60,
  • ghostscript 8.61,
  • ghostscript 8.62,
  • ghostscript 8.63

References

Canonical
CVE-2009-0196 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196)
BID-34445 (http://www.securityfocus.com/bid/34445)
Advisory
http://www.redhat.com/support/errata/RHSA-2009-0421.html
20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow (http://www.securityfocus.com/archive/1/502586/100/0/threaded)
FEDORA-2009-3709 (https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html)
GLSA-201412-17 (http://security.gentoo.org/glsa/glsa-201412-17.xml)
ADV-2009-0983 (http://www.vupen.com/english/advisories/2009/0983)
SUNALERT-262288 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1)
SECUNIA-34292 (http://secunia.com/advisories/34292)
20090417 rPSA-2009-0060-1 ghostscript (http://www.securityfocus.com/archive/1/502757/100/0/threaded)
SECUNIA-34729 (http://secunia.com/advisories/34729)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
FEDORA-2009-3710 (https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html)
SECUNIA-34732 (http://secunia.com/advisories/34732)
SECUNIA-35569 (http://secunia.com/advisories/35569)
ADV-2009-1708 (http://www.vupen.com/english/advisories/2009/1708)
SECTRACK-1022029 (http://www.securitytracker.com/id?1022029)
SECUNIA-35559 (http://secunia.com/advisories/35559)
SECUNIA-35416 (http://secunia.com/advisories/35416)
http://wiki.rpath.com/Advisories:rPSA-2009-0060
USN-757-1 (https://usn.ubuntu.com/757-1)
OSVDB-53492 (http://osvdb.org/53492)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
SECUNIA-34667 (http://secunia.com/advisories/34667)
Miscellaneous
http://secunia.com/secunia_research/2009-21
https://bugzilla.redhat.com/attachment.cgi?id=337747

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis