VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2009-3743
afpl_ghostscript, ghostscript_fonts, gpl_ghostscript: Off-by-one error in the TrueType bytecode interpret...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3743

Original

Off-by-one error in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-08-26
Source Information Category:
Advisory, Alert
Last Updated:
2010-08-27




Affected Product Tags
cpe:/a:artifex:afpl_ghostscript:6.0
cpe:/a:artifex:afpl_ghostscript:6.01
cpe:/a:artifex:afpl_ghostscript:6.50
cpe:/a:artifex:afpl_ghostscript:7.00
cpe:/a:artifex:afpl_ghostscript:7.03
cpe:/a:artifex:afpl_ghostscript:7.04
cpe:/a:artifex:afpl_ghostscript:8.00
cpe:/a:artifex:afpl_ghostscript:8.11
cpe:/a:artifex:afpl_ghostscript:8.12
cpe:/a:artifex:afpl_ghostscript:8.13
cpe:/a:artifex:afpl_ghostscript:8.14
cpe:/a:artifex:afpl_ghostscript:8.50
cpe:/a:artifex:afpl_ghostscript:8.51
cpe:/a:artifex:afpl_ghostscript:8.52
cpe:/a:artifex:afpl_ghostscript:8.53
cpe:/a:artifex:afpl_ghostscript:8.54
cpe:/a:artifex:ghostscript_fonts:6.0
cpe:/a:artifex:ghostscript_fonts:8.11
cpe:/a:artifex:gpl_ghostscript:8.01
cpe:/a:artifex:gpl_ghostscript:8.15
cpe:/a:artifex:gpl_ghostscript:8.50
cpe:/a:artifex:gpl_ghostscript:8.51
cpe:/a:artifex:gpl_ghostscript:8.54
cpe:/a:artifex:gpl_ghostscript:8.56
cpe:/a:artifex:gpl_ghostscript:8.57
cpe:/a:artifex:gpl_ghostscript:8.60
cpe:/a:artifex:gpl_ghostscript:8.61
cpe:/a:artifex:gpl_ghostscript:8.62
cpe:/a:artifex:gpl_ghostscript:8.63
cpe:/a:artifex:gpl_ghostscript:8.64
cpe:/a:artifex:gpl_ghostscript:8.70 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
http://www.kb.cert.org/vuls/id/JALR-87YGN8




VU#644319




Vulnerability Type Numeric Errors (CWE-189)




Copyright © 2010 JPCERT/CC All Rights Reserved.