CERT VU:644319
Aug 24, 2010 - 12:00 a.m.

Ghostscript Heap Corruption in TrueType bytecode interpreter

www.kb.cert.org

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.044 Low
Percentile: 92.4%

Overview

The TrueType bytecode interpreter that is part of Ghostscript is prone to heap corruption.

Description

Ghostscript includes a TrueType bytecode interpreter that contains an off-by-one bug, which causes heap corruption. Further details can be found in Ghostscript Bug #691044, the Ghostscript r10602 commit statement and Toucan System’s TSSA-2010-01 advisory.


Impact

An attacker may use a specially crafted document with a malformed TrueType font to cause a denial of service condition or execute arbitrary code.


Solution

Upgrade to Ghostscript 8.71 or newer.


Vendor Information


Artifex Software, Inc.: Affected

Notified: August 03, 2010
Updated: August 24, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The reporter initially contacted the vendor on 10-26-2009.
The vendor fixed the vulnerability on 01-11-2010 without mentioning security implications.
The reporter contacted CERT on 07-20-2010.
CERT contacted the vendor on 08-03-2010.


Acknowledgements

Thanks to Jonathan Brossard for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2009-3743
Severity Metric: 0.45 Date Public:
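
The 9.3 High rating listed for this advisory follows from its CVSS2 vector, AV:N/AC:M/Au:N/C:C/I:C/A:C. The Python below is an added example, not part of the CERT note: it applies the CVSS v2 base equations to a vector string, and the function names are chosen here for illustration.

```python
# CVSS v2 base-score calculation; the weights are the constants from the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}   # Confidentiality / Integrity / Availability impact
ORDER = ("AV", "AC", "Au", "C", "I", "A")


def parse_vector(vector):
    """Split 'AV:N/AC:M/...' into a dict; reject malformed, duplicated or missing metrics."""
    metrics = {}
    for part in vector.strip().split("/"):
        key, sep, value = part.partition(":")
        if not sep or key in metrics:
            raise ValueError(f"malformed vector component: {part!r}")
        metrics[key] = value
    if tuple(metrics) != ORDER:
        raise ValueError(f"expected metrics {ORDER}, got {tuple(metrics)}")
    return metrics


def base_score(vector):
    """Return (base, impact, exploitability), each rounded to one decimal."""
    m = parse_vector(vector)
    try:
        av, ac, au = AV[m["AV"]], AC[m["AC"]], AU[m["Au"]]
        c, i, a = (CIA[m[k]] for k in ("C", "I", "A"))
    except KeyError as exc:
        raise ValueError(f"unknown metric value: {exc}") from None
    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    exploitability = 20 * av * ac * au
    if impact == 0:
        base = 0.0   # f(Impact) is 0 when there is no impact at all
    else:
        base = round((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176, 1)
    return base, round(impact, 1), round(exploitability, 1)


def severity(score):
    """NVD's CVSS v2 ranking: Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0."""
    return "Low" if score < 4.0 else "Medium" if score < 7.0 else "High"


if __name__ == "__main__":
    base, impact, exploitability = base_score("AV:N/AC:M/Au:N/C:C/I:C/A:C")
    print(base, severity(base), "impact", impact, "exploitability", exploitability)
```

The exploitability subscore stays below its maximum only because Access Complexity is MEDIUM; the impact subscore is at its ceiling, which is what puts the advisory in the High band.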
