Artifex Software, Inc. Information for VU#644319

Ghostscript Heap Corruption in TrueType bytecode interpreter

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

The reporter initially contacted the vendor 10-26-2009.

Vendor fixed the vulnerability on 01-11-2010 without mentioning security implications.
The reporter contacted CERT 07-20-2010.
CERT contacted the vendor 08-03-2010.

If you have feedback, comments, or additional information about this vulnerability, please send us email.