Vulnerability Note VU#644319

Ghostscript Heap Corruption in TrueType bytecode interpreter

Original Release date: 24 Aug 2010 | Last revised: 06 Dec 2010


The TrueType bytecode interpreter which is a part of Ghostscript is prone to heap corruption.


Ghostscript includes a TrueType bytecode interpreter which is prone to an off by one bug which causes heap corruption. Further details can be found in the Ghostscript Bug #691044, Ghostscript r10602 commit statement and Toucan System's TSSA-2010-01 advisory.


An attacker may use a specially crafted document with a malformed TrueType font to cause a denial of service condition or execute arbitrary code.


Upgrade to Ghostscript 8.71 or newer.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Artifex Software, Inc.Affected03 Aug 201024 Aug 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to Jonathan Brossard for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2009-3743
  • Date Public: 24 Aug 2010
  • Date First Published: 24 Aug 2010
  • Date Last Updated: 06 Dec 2010
  • Severity Metric: 0.45
  • Document Revision: 34


If you have feedback, comments, or additional information about this vulnerability, please send us email.