CVE-2016-7977

EPSS 1.07%
Published 23.05.2017 04:29:01
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Artifex ≫ Ghostscript Version <= 9.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.07%	0.77

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://rhn.redhat.com/errata/RHSA-2017-0013.html

http://rhn.redhat.com/errata/RHSA-2017-0014.html

http://www.debian.org/security/2016/dsa-3691

http://www.openwall.com/lists/oss-security/2016/09/29/28

Patch

Mailing List

https://bugs.ghostscript.com/show_bug.cgi?id=697169

Patch

Issue Tracking

https://ghostscript.com/doc/9.21/History9.htm

Release Notes

https://security.gentoo.org/glsa/201702-31

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70

http://www.openwall.com/lists/oss-security/2016/10/05/15

Patch

Mailing List

http://www.securityfocus.com/bid/95334

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-7977

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7977

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7977

EUVD