Denial of Service Vulnerability in Artifex Ghostscript GhostXPS
CVE-2017-9612

7.8HIGH

Key Information:

Vendor: Artifex
Status: Ghostscript Ghostxps
Vendor: CVE Published:; 26 July 2017

🔔 Create Artifex Vulnerability Alert

What is CVE-2017-9612?

The Ins_IP function in the base/ttinterp.c file of Artifex Ghostscript GhostXPS 9.21 contains a flaw that allows remote attackers to exploit a crafted document. This could lead to a denial of service due to a use-after-free condition, resulting in application crashes and potentially other unknown impacts.

References

https://security.gentoo.org/glsa/201811-12

vendor-advisoryx_refsource_GENTOO

https://bugs.ghostscript.com/show_bug.cgi?id=698026

x_refsource_CONFIRM

http://www.debian.org/security/2017/dsa-3986

vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2017
Vulnerability Reserved
Jun 13, 2017

.

CVE-2017-9612 : Denial of Service Vulnerability in Artifex Ghostscript GhostXPS