What is CVE-2009-0196?

CVE-2009-0196 is a vulnerability in Ghostscript, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2009-04-16.

Is CVE-2009-0196 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Ghostscript

CVE-2009-0196

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a P…

Vulnerability class: Buffer Overflow

EPSS: 0.074 (93.6th percentile) — read the EPSS interpretation.

Affected products

Ghostscript — versions 0, 5.50, 7.07
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

PSIRT-CNA@flexerasoftware.com (x_refsource_REDHAT, vendor-advisory)
PSIRT-CNA@flexerasoftware.com (mailing-list, x_refsource_BUGTRAQ)
PSIRT-CNA@flexerasoftware.com (vendor-advisory, x_refsource_FEDORA)
PSIRT-CNA@flexerasoftware.com (vendor-advisory, x_refsource_GENTOO)
PSIRT-CNA@flexerasoftware.com (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
PSIRT-CNA@flexerasoftware.com (Patch, vdb-entry, x_refsource_BID)
PSIRT-CNA@flexerasoftware.com (vendor-advisory, x_refsource_SUNALERT)
PSIRT-CNA@flexerasoftware.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
PSIRT-CNA@flexerasoftware.com (mailing-list, x_refsource_BUGTRAQ)
PSIRT-CNA@flexerasoftware.com (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2009-0196?: CVE-2009-0196 is a vulnerability in Ghostscript, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2009-04-16.
Is CVE-2009-0196 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.