{"vuid":"VU#644319","idnumber":"644319","name":"Ghostscript Heap Corruption in TrueType bytecode interpreter","keywords":["Ghostscript heap corruption"],"overview":"The TrueType bytecode interpreter which is a part of Ghostscript is prone to heap corruption.","clean_desc":"Ghostscript includes a TrueType bytecode interpreter which is prone to an off by one bug which causes heap corruption. Further details can be found in the Ghostscript Bug #691044, Ghostscript r10602 commit statement and Toucan System's TSSA-2010-01 advisory.","impact":"An attacker may use a specially crafted document with a malformed TrueType font to cause a denial of service condition or execute arbitrary code.","resolution":"Upgrade to Ghostscript 8.71 or newer.","workarounds":"","sysaffected":"","thanks":"Thanks to Jonathan Brossard for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["https://code.google.com/p/ghostscript/source/detail?r=10602&path=/trunk/gs/base/ttinterp.c","http://bugs.ghostscript.com/show_bug.cgi?id=691044","http://toucan-system.com/advisories/tssa-2010-01.txt"],"cveids":["CVE-2009-3743"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-07-20T17:50:59Z","publicdate":"2010-08-24T00:00:00Z","datefirstpublished":"2010-08-24T16:27:14Z","dateupdated":"2010-12-06T15:32:11Z","revision":35,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"10","cam_easeofexploitation":"2","cam_attackeraccessrequired":"11","cam_scorecurrent":"0.45375","cam_scorecurrentwidelyknown":"1.2375","cam_scorecurrentwidelyknownexploited":"2.0625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.45375,"vulnote":null}