Vulnerability Note VU#644319
Ghostscript Heap Corruption in TrueType bytecode interpreter
Overview
The TrueType bytecode interpreter that is part of Ghostscript is prone to heap corruption.
Description
Ghostscript includes a TrueType bytecode interpreter that is prone to an off-by-one bug, which causes heap corruption. Further details can be found in Ghostscript Bug #691044, the Ghostscript r10602 commit statement and Toucan System's TSSA-2010-01 advisory.
Impact
An attacker may use a specially crafted document with a malformed TrueType font to cause a denial of service condition or execute arbitrary code.
Solution
Upgrade to Ghostscript 8.71 or newer.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Artifex Software, Inc. | Affected | 03 Aug 2010 | 24 Aug 2010 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- https://code.google.com/p/ghostscript/source/detail?r=10602&path=/trunk/gs/base/ttinterp.c
- http://bugs.ghostscript.com/show_bug.cgi?id=691044
- http://toucan-system.com/advisories/tssa-2010-01.txt
Credit
Thanks to Jonathan Brossard for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
- CVE IDs: CVE-2009-3743
- Date Public: 24 Aug 2010
- Date First Published: 24 Aug 2010
- Date Last Updated: 06 Dec 2010
- Severity Metric: 0.45
- Document Revision: 34