Ghostscript Library: Integer Overflow, Heap Corruption, Remote Denial of Service Vulnerabilities

Users of Ghostscript library please be advised of integer overflow, heap corruption, remote Denial of Service Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

TSSA-2010-01: [TSSA-2010-01] Ghostscript library Ins_MINDEX() integer overflow and heap corruption

–[ Synopsis:

An off by one in the library shipped with Ghostscript in
versions <= 8.70 generates an integer overflow, which in turn
produces a heap corruption, resulting in a (remote) Denial of Service
(crash) in several applications using this library when processing a
specially crafted font.
This vulnerability cannot be exploited to execute arbitrary code under
GNU/Linux x86, to the best of our knowledge. Other targets, in
particular Windows have not been tested and may or may not allow
execution of arbitrary code.