7.8

CVE-2017-9611

Exploit
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version9.21
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.95% 0.776
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/201811-12
Third Party Advisory
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c7c55972758a93350882c32147801a3485b010fe
http://www.debian.org/security/2017/dsa-3986
Third Party Advisory
http://www.securityfocus.com/bid/99975
Third Party Advisory
VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=698024
Third Party Advisory
Exploit
Issue Tracking