Remote Code Execution Vulnerability in Artifex GSView on Windows
CVE-2017-14947

7.8HIGH

Key Information:

Vendor: Artifex
Status: Gsview
Vendor: CVE Published:; 3 October 2022

Summary

Artifex GSView 6.0 Beta for Windows contains a vulnerability that can be exploited through specially crafted .xps files. An attacker can cause a read access violation in the program, potentially leading to arbitrary code execution or denial of service. This vulnerability stems from the mishandling of data during the processing of block data moves, allowing attackers to manipulate how files are read and executed.

References

https://bugs.ghostscript.com/show_bug.cgi?id=698551

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022