CVE-2009-0196

EPSS 12.2%

ghostscript - integer overflows

Published: 4/16/2009Modified: 4/28/2026

Description

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

Affected packages (2)

Debian/ghostscriptfrom 0, < 8.64~dfsg-1.1
Debian/ghostscriptfrom 0, < 8.64~dfsg-1+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0196