Information Disclosure Vulnerability in Artifex Ghostscript 9.22 and ImageMagick
CVE-2017-15652

5.5MEDIUM

Key Information:

Vendor

Artifex
Status
Ghostscript
Vendor
CVE Published:
23 May 2019

What is CVE-2017-15652?

Artifex Ghostscript 9.22 is susceptible to an information disclosure vulnerability that could allow attackers to obtain sensitive information. Exploitation requires a user to open a specially crafted PostScript file through Ghostscript. The vulnerability also affects ImageMagick due to its dependency on the libga library, which is shared with Ghostscript. Proper security measures should be taken to mitigate such risks, ensuring that systems are safeguarded against this type of attack.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugs.ghostscript.com/show_bug.cgi?id=698676
x_refsource_MISC
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/108463
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.