CVE-2009-0196

Severity: Unknown | EPSS: 7.36%

CVE-2009-0196 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the jbig2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. EPSS estimates a 7.36% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in the jbig2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

Metrics

EPSS probability: 7.36% (93.6th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Ghostscript | Ghostscript | <= 8.64 |
| Ghostscript | Ghostscript | 0 |
| Ghostscript | Ghostscript | 5.50 |
| Ghostscript | Ghostscript | 7.07 |
| Ghostscript | Ghostscript | 8.0.1 |
| Ghostscript | Ghostscript | 8.15 |
| Ghostscript | Ghostscript | 8.15.2 |
| Ghostscript | Ghostscript | 8.54 |
| Ghostscript | Ghostscript | 8.56 |
| Ghostscript | Ghostscript | 8.57 |
| Ghostscript | Ghostscript | 8.60 |
| Ghostscript | Ghostscript | 8.61 |
| Ghostscript | Ghostscript | 8.62 |
| Ghostscript | Ghostscript | 8.63 |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2009-0196?
Heap-based buffer overflow in the jbig2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
How severe is CVE-2009-0196?
Severity scoring for CVE-2009-0196 is pending analysis. The EPSS model estimates a 7.36% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0196?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST