HomePentest-Tools.com Logo

Ghostscript Arbitrary Code Execution Vulnerability CVE-2009-3743

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Ghostscript is prone to an arbitrary code execution vulnerability.

Risk description

The flaw is due to Off-by-one error in the TrueType bytecode interpreter in Ghostscript that allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document. Successful exploitation allows the attackers to execute arbitrary code or cause a denial of service.

Recommendation

Upgrade to Ghostscript version 8.71 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 26, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available