Heap-Based Buffer Over-Read Vulnerability in Ghostscript
CVE-2017-9610

7.8HIGH

Key Information:

Vendor

Artifex
Status
Ghostscript Ghostxps
Vendor
CVE Published:
26 July 2017

What is CVE-2017-9610?

The xps_load_sfnt_name function in Artifex Ghostscript's GhostXPS version 9.21 is susceptible to a heap-based buffer over-read vulnerability. This flaw enables remote attackers to exploit the affected application by sending specially crafted documents, which can result in a denial of service, including application crashes, and may potentially lead to additional unspecified impacts. It is imperative for users of Ghostscript to stay informed and apply necessary updates to mitigate this vulnerability.

References

https://bugs.ghostscript.com/show_bug.cgi?id=698025
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201811-12
vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/99976
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.