Unrated severity · NVD Advisory · Published Apr 16, 2009 · Updated Apr 23, 2026
CVE-2009-0196
Description
Heap-based buffer overflow in the jbig2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
Affected products
- cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:* (range: <=8.64)
- cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/34445 (nvd, Patch)
- osvdb.org/53492 (nvd, Exploit)
- bugzilla.redhat.com/attachment.cgi (nvd, Exploit)
- secunia.com/advisories/34292 (nvd, Vendor Advisory)
- secunia.com/secunia_research/2009-21/ (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2009/0983 (nvd, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html (nvd)
- secunia.com/advisories/34667 (nvd)
- secunia.com/advisories/34729 (nvd)
- secunia.com/advisories/34732 (nvd)
- secunia.com/advisories/35416 (nvd)
- secunia.com/advisories/35559 (nvd)
- secunia.com/advisories/35569 (nvd)
- security.gentoo.org/glsa/glsa-201412-17.xml (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- wiki.rpath.com/Advisories:rPSA-2009-0060 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.redhat.com/support/errata/RHSA-2009-0421.html (nvd)
- www.securityfocus.com/archive/1/502586/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/502757/100/0/threaded (nvd)
- www.securitytracker.com/id (nvd)
- www.vupen.com/english/advisories/2009/1708 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533 (nvd)
- usn.ubuntu.com/757-1/ (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html (nvd)