The TrueType bytecode interpreter which is a part of Ghostscript is prone to heap corruption.
Ghostscript includes a TrueType bytecode interpreter which is prone to an off by one bug which causes heap corruption. Further details can be found in the Ghostscript Bug #691044, Ghostscript r10602 commit statement and Toucan System's TSSA-2010-01 advisory.
An attacker may use a specially crafted document with a malformed TrueType font to cause a denial of service condition or execute arbitrary code.
Upgrade to Ghostscript 8.71 or newer.
Vendor| Status| Date Notified| Date Updated
Artifex Software, Inc.| | 03 Aug 2010| 24 Aug 2010
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Jonathan Brossard for reporting this vulnerability.
This document was written by Jared Allar.