// For flags

CVE-2009-3743

ghostscript: TrueType bytecode intepreter integer overflow or wraparound

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

Un error por un paso en la función Ins_MINDEX en el intérprete de código de bytes TrueType en Ghostscript anterior a versión 8.71, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria de la pila) por medio de una fuente TrueType malformada en un documento que desencadena un desbordamiento de enteros y un desbordamiento de búfer en la región heap de la memoria.

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used. If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-10-22 CVE Reserved
  • 2010-08-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-190: Integer Overflow or Wraparound
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 6.0
Search vendor "Artifex" for product "Afpl Ghostscript" and version "6.0"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 6.01
Search vendor "Artifex" for product "Afpl Ghostscript" and version "6.01"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 6.50
Search vendor "Artifex" for product "Afpl Ghostscript" and version "6.50"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 7.00
Search vendor "Artifex" for product "Afpl Ghostscript" and version "7.00"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 7.03
Search vendor "Artifex" for product "Afpl Ghostscript" and version "7.03"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 7.04
Search vendor "Artifex" for product "Afpl Ghostscript" and version "7.04"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.00
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.00"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.11
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.11"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.12
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.12"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.13
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.13"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.14
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.14"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.50
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.50"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.51
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.51"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.52
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.52"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.53
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.53"
-
Affected
Artifex
Search vendor "Artifex"
 Afpl Ghostscript
Search vendor "Artifex" for product "Afpl Ghostscript"
 8.54
Search vendor "Artifex" for product "Afpl Ghostscript" and version "8.54"
-
Affected
Artifex
Search vendor "Artifex"
 Ghostscript Fonts
Search vendor "Artifex" for product "Ghostscript Fonts"
 6.0
Search vendor "Artifex" for product "Ghostscript Fonts" and version "6.0"
-
Affected
Artifex
Search vendor "Artifex"
 Ghostscript Fonts
Search vendor "Artifex" for product "Ghostscript Fonts"
 8.11
Search vendor "Artifex" for product "Ghostscript Fonts" and version "8.11"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 <= 8.70
Search vendor "Artifex" for product "Gpl Ghostscript" and version " <= 8.70"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.01
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.01"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.15
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.15"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.50
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.50"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.51
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.51"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.54
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.54"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.56
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.56"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.57
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.57"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.60
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.60"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.61
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.61"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.62
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.62"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.63
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.63"
-
Affected
Artifex
Search vendor "Artifex"
 Gpl Ghostscript
Search vendor "Artifex" for product "Gpl Ghostscript"
 8.64
Search vendor "Artifex" for product "Gpl Ghostscript" and version "8.64"
-
Affected