SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#644319

Ghostscript Heap Corruption in TrueType bytecode interpreter

Overview

The TrueType bytecode interpreter which is a part of Ghostscript is prone to heap corruption.

I. Description

Ghostscript includes a TrueType bytecode interpreter which is prone to an off by one bug which causes heap corruption. Further details can be found in the Ghostscript Bug #691044, Ghostscript r10602 commit statement and Toucan System's TSSA-2010-01 advisory.

II. Impact

An attacker may use a specially crafted document with a malformed TrueType font to cause a denial of service condition or execute arbitrary code.

III. Solution

Upgrade to Ghostscript 8.71 or newer.

Vendor Information
VendorStatusDate NotifiedDate Updated
Artifex Software, Inc.Affected2010-08-032010-08-24

References

https://code.google.com/p/ghostscript/source/detail?r=10602&path=/trunk/gs/base/ttinterp.c
http://bugs.ghostscript.com/show_bug.cgi?id=691044
http://toucan-system.com/advisories/tssa-2010-01.txt

Credit

Thanks to Jonathan Brossard for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:2010-08-24
Date First Published:2010-08-24
Date Last Updated:2010-12-06
CERT Advisory: 
CVE-ID(s):CVE-2009-3743
NVD-ID(s):CVE-2009-3743
US-CERT Technical Alerts: 
Severity Metric:0.45
Document Revision:34

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2010 by US-CERT, a government organization
Disclaimers and copyright information
Get a PDF Reader