CVE-2016-7977

EPSS 0.91%
Veröffentlicht 23.05.2017 04:29:01
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Artifex ≫ Ghostscript Version <= 9.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.751

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://rhn.redhat.com/errata/RHSA-2017-0013.html

http://rhn.redhat.com/errata/RHSA-2017-0014.html

http://www.debian.org/security/2016/dsa-3691

http://www.openwall.com/lists/oss-security/2016/09/29/28

Patch

Mailing List

https://bugs.ghostscript.com/show_bug.cgi?id=697169

Patch

Issue Tracking

https://ghostscript.com/doc/9.21/History9.htm

Release Notes

https://security.gentoo.org/glsa/201702-31

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70

http://www.openwall.com/lists/oss-security/2016/10/05/15

Patch

Mailing List

http://www.securityfocus.com/bid/95334

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-7977

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7977

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7977

EUVD