Heap-Based Buffer Over-Read Vulnerability in Ghostscript
CVE-2017-9610
7.8HIGH
What is CVE-2017-9610?
The xps_load_sfnt_name function in Artifex Ghostscript's GhostXPS version 9.21 is susceptible to a heap-based buffer over-read vulnerability. This flaw enables remote attackers to exploit the affected application by sending specially crafted documents, which can result in a denial of service, including application crashes, and may potentially lead to additional unspecified impacts. It is imperative for users of Ghostscript to stay informed and apply necessary updates to mitigate this vulnerability.