CVE-2009-3743
ghostscript: TrueType bytecode intepreter integer overflow or wraparound
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.
Un error por un paso en la función Ins_MINDEX en el intérprete de código de bytes TrueType en Ghostscript anterior a versión 8.71, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria de la pila) por medio de una fuente TrueType malformada en un documento que desencadena un desbordamiento de enteros y un desbordamiento de búfer en la región heap de la memoria.
Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-10-22 CVE Reserved
- 2010-08-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/644319 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/JALR-87YGN8 | Us Government Resource |
|
| http://www.securityfocus.com/archive/1/514892/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1024785 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-201412-17.xml | 2018-10-10 | |
| https://rhn.redhat.com/errata/RHSA-2012-0095.html | 2018-10-10 | |
| https://access.redhat.com/security/cve/CVE-2009-3743 | 2012-02-02 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=627902 | 2012-02-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 6.0 Search vendor "Artifex" for product "Afpl Ghostscript" and version "6.0" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 6.01 Search vendor "Artifex" for product "Afpl Ghostscript" and version "6.01" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 6.50 Search vendor "Artifex" for product "Afpl Ghostscript" and version "6.50" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 7.00 Search vendor "Artifex" for product "Afpl Ghostscript" and version "7.00" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 7.03 Search vendor "Artifex" for product "Afpl Ghostscript" and version "7.03" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 7.04 Search vendor "Artifex" for product "Afpl Ghostscript" and version "7.04" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.00 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.00" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.11 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.11" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.12 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.12" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.13 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.13" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.14 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.14" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.50 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.50" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.51 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.51" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.52 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.52" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.53 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.53" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Afpl Ghostscript Search vendor "Artifex" for product "Afpl Ghostscript" | 8.54 Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.54" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Ghostscript Fonts Search vendor "Artifex" for product "Ghostscript Fonts" | 6.0 Search vendor "Artifex" for product "Ghostscript Fonts" and version "6.0" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Ghostscript Fonts Search vendor "Artifex" for product "Ghostscript Fonts" | 8.11 Search vendor "Artifex" for product "Ghostscript Fonts" and version "8.11" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | <= 8.70 Search vendor "Artifex" for product "Gpl Ghostscript" and version " <= 8.70" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.01 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.01" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.15 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.15" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.50 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.50" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.51 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.51" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.54 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.54" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.56 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.56" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.57 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.57" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.60 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.60" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.61 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.61" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.62 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.62" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.63 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.63" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Gpl Ghostscript Search vendor "Artifex" for product "Gpl Ghostscript" | 8.64 Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.64" | - |
Affected
| ||||||