Out-of-Bounds Write Vulnerability in Ghostscript by Artifex
CVE-2017-7975

7.8HIGH

Key Information:

Vendor

Artifex
Status
Jbig2dec
Vendor
CVE Published:
19 April 2017

What is CVE-2017-7975?

Artifex Ghostscript, utilizing the jbig2dec component version 0.13, is susceptible to an out-of-bounds write issue due to an integer overflow in the jbig2_build_huffman_table function. This vulnerability can occur when processing specially crafted JBIG2 files, potentially resulting in a crash of the application or in severe cases, could allow execution of arbitrary code, leading to serious security implications.

References

http://www.debian.org/security/2017/dsa-3855
vendor-advisoryx_refsource_DEBIAN
https://bugs.ghostscript.com/show_bug.cgi?id=697693
x_refsource_MISC
https://security.gentoo.org/glsa/201708-10
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.