CVE-2016-7979

EPSS 1.61%
Published 23.05.2017 04:29:01
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Artifex ≫ Ghostscript Version <= 9.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.61%	0.81

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

http://rhn.redhat.com/errata/RHSA-2017-0013.html

http://rhn.redhat.com/errata/RHSA-2017-0014.html

http://www.debian.org/security/2016/dsa-3691

https://security.gentoo.org/glsa/201702-31

http://www.openwall.com/lists/oss-security/2016/10/05/15

Patch

Mailing List

http://git.ghostscript.com/?p=ghostpdl.git%3Bh=875a0095f37626a721c7ff57d606a0f95af03913

http://www.securityfocus.com/bid/95337

Third Party Advisory

VDB Entry

https://bugs.ghostscript.com/show_bug.cgi?id=697190

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2016-7979

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7979

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7979

EUVD