CVE-2016-7979

EPSS 1.61%
Veröffentlicht 23.05.2017 04:29:01
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Artifex ≫ Ghostscript Version <= 9.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.61%	0.81

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

http://rhn.redhat.com/errata/RHSA-2017-0013.html

http://rhn.redhat.com/errata/RHSA-2017-0014.html

http://www.debian.org/security/2016/dsa-3691

https://security.gentoo.org/glsa/201702-31

http://www.openwall.com/lists/oss-security/2016/10/05/15

Patch

Mailing List

http://git.ghostscript.com/?p=ghostpdl.git%3Bh=875a0095f37626a721c7ff57d606a0f95af03913

http://www.securityfocus.com/bid/95337

Third Party Advisory

VDB Entry

https://bugs.ghostscript.com/show_bug.cgi?id=697190

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2016-7979

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7979

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7979

EUVD