Description
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
CVSS Metrics
- Vector
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- network
- Access Cmplx
- medium
- Auth
- none
- Confidentiality
- complete
- Integrity
- complete
- Availability
- complete
- Weaknesses
- CWE-119
Metadata
- Primary Vendor
- GHOSTSCRIPT
- Published
- 4/16/2009
- Last Modified
- 4/9/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
ghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscriptghostscript : ghostscript
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.