CVE-2009-3743
Published: 26 August 2010
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ghostscript Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(8.61.dfsg.1-1ubuntu3.4)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://ghostscript.com/pipermail/gs-cvs/2010-January/010345.html |
||
|
gs-afpl Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
gs-esp Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
gs-gpl Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Needs triage
|
|