"Ghostscript is an interpreter for the PostScript (TM) language, with the ability to convert PostScript language files to many raster formats, view them on displays, and print them on printers that don't have PostScript language capability built in; An interpreter for Portable Document Format (PDF) files, with the same abilities; ..."

Secunia Research has discovered a vulnerability in Ghostscript, which can be exploited by malicious people to potentially compromise a user's system.
Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2009-21/
Vulnerable Systems:
* Ghostscript version 8.64
The vulnerability is caused by a boundary error in the included jbig2dec library while decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
Successful exploitation may allow execution of arbitrary code.
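A defensive triage sketch for the PDF vector described above (an added example, not from Secunia's advisory or the Ghostscript project): it flags stream objects whose dictionary names the JBIG2Decode filter, so such files can be held back from an unpatched Ghostscript 8.64. The function names and the sample bytes are constructed for illustration, and the scan is a heuristic byte search, not a full PDF parser.

```python
import re
import sys

# PDF names may write any character as #xx (two hex digits), so
# /JBIG#32Decode and /JBIG2Decode are the same filter name.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name runs from "/" to the next whitespace or delimiter character.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_STREAM_KW = re.compile(rb"stream\r?\n")


def decode_name(raw):
    """Undo #xx escapes in a PDF name (given without the leading slash)."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def jbig2_stream_offsets(pdf):
    """Offsets of 'stream' keywords whose dictionary names JBIG2Decode."""
    hits = []
    for m in _STREAM_KW.finditer(pdf):
        if pdf[max(0, m.start() - 3):m.start()] == b"end":
            continue  # this match is the tail of "endstream"
        # The stream dictionary sits between "N G obj" and "stream".
        obj_kw = pdf.rfind(b"obj", 0, m.start())
        header = pdf[obj_kw + 3 if obj_kw >= 0 else 0:m.start()]
        names = {decode_name(n) for n in _NAME.findall(header)}
        if b"JBIG2Decode" in names:
            hits.append(m.start())
    return hits


# Constructed sample: two stream objects, one with an escaped filter name.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Length 4 /Filter /FlateDecode >>\n"
    b"stream\nAAAA\nendstream\nendobj\n"
    b"2 0 obj\n<< /Length 4 /Filter [/JBIG#32Decode] >>\n"
    b"stream\nBBBB\nendstream\nendobj\n"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for off in jbig2_stream_offsets(data):
        print(f"JBIG2Decode stream at byte offset {off}")
```

A filter supplied through an indirect reference (for example `/Filter 7 0 R`) is not resolved by this scan, so a clean result does not prove the file carries no JBIG2 data.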
Time Table:
26/03/2009 - Vendor notified.
26/03/2009 - vendor-sec notified.
02/04/2009 - Vendor response.
09/04/2009 - Public disclosure.
CVE Information:
CVE-2009-0196