CVE-2009-0196
ghostscript - integer overflows
EPSS 9.5%
Description
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
How to fix CVE-2009-0196
To remediate CVE-2009-0196, upgrade the affected package to a fixed version below.
- Debian/ghostscript—upgrade to 8.64~dfsg-1.1 or later
- Debian/ghostscript—upgrade to 8.64~dfsg-1+squeeze1 or later
Is CVE-2009-0196 being exploited?
Moderate — EPSS is 9.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 8.64~dfsg-1.1
- from 0, < 8.64~dfsg-1+squeeze1