9.3

CVE-2009-3743

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that triggers an integer overflow and a heap-based buffer overflow.

Data is provided by the National Vulnerability Database (NVD)
Artifex Afpl Ghostscript Version 6.0
Artifex Afpl Ghostscript Version 6.01
Artifex Afpl Ghostscript Version 6.50
Artifex Afpl Ghostscript Version 7.00
Artifex Afpl Ghostscript Version 7.03
Artifex Afpl Ghostscript Version 7.04
Artifex Afpl Ghostscript Version 8.00
Artifex Afpl Ghostscript Version 8.11
Artifex Afpl Ghostscript Version 8.12
Artifex Afpl Ghostscript Version 8.13
Artifex Afpl Ghostscript Version 8.14
Artifex Afpl Ghostscript Version 8.50
Artifex Afpl Ghostscript Version 8.51
Artifex Afpl Ghostscript Version 8.52
Artifex Afpl Ghostscript Version 8.53
Artifex Afpl Ghostscript Version 8.54
Artifex Ghostscript Fonts Version 6.0
Artifex Ghostscript Fonts Version 8.11
Artifex Gpl Ghostscript Version <= 8.70
Artifex Gpl Ghostscript Version 8.01
Artifex Gpl Ghostscript Version 8.15
Artifex Gpl Ghostscript Version 8.50
Artifex Gpl Ghostscript Version 8.51
Artifex Gpl Ghostscript Version 8.54
Artifex Gpl Ghostscript Version 8.56
Artifex Gpl Ghostscript Version 8.57
Artifex Gpl Ghostscript Version 8.60
Artifex Gpl Ghostscript Version 8.61
Artifex Gpl Ghostscript Version 8.62
Artifex Gpl Ghostscript Version 8.63
Artifex Gpl Ghostscript Version 8.64
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 6.69% | 0.903
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C