CVE-2009-0196

Name	CVE-2009-0196
Description	Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2080-1, DTSA-198-1
Debian Bugs	524803, 561717

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
ghostscript (PTS)	jessie, jessie (lts)	9.26a~dfsg-0+deb8u12	fixed
	stretch (security)	9.26a~dfsg-0+deb9u9	fixed
	stretch (lts), stretch	9.26a~dfsg-0+deb9u12	fixed
	buster (security), buster, buster (lts)	9.27~dfsg-2+deb10u9	fixed
	bullseye	9.53.3~dfsg-7+deb11u7	fixed
	bullseye (security)	9.53.3~dfsg-7+deb11u8	fixed
	bookworm	10.0.0~dfsg-11+deb12u5	fixed
	bookworm (security)	10.0.0~dfsg-11+deb12u6	fixed
	sid, trixie	10.04.0~dfsg-1	fixed
jbig2dec (PTS)	jessie, jessie (lts)	0.13-4~deb8u3	fixed
	stretch (security), stretch (lts), stretch	0.13-4.1+deb9u1	fixed
	buster	0.16-1+deb10u1	fixed
	bullseye	0.19-2	fixed
	bookworm	0.19-3	fixed
	sid, trixie	0.20-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
ghostscript	source	lenny	8.62.dfsg.1-3.2lenny4		DSA-2080-1
ghostscript	source	squeeze	8.64~dfsg-1+squeeze1		DTSA-198-1
ghostscript	source	(unstable)	8.64~dfsg-1.1	medium		524803
gs-gpl	source	(unstable)	(unfixed)	medium		561717
jbig2dec	source	(unstable)	(not affected)

- jbig2dec <not-affected> (already fixed in initial upload)