Denial of Service in Artifex Ghostscript GhostXPS Product
CVE-2017-9619

7.8HIGH

Key Information:

Vendor
Artifex
Status
Ghostscript Ghostxps
Vendor
CVE Published:
26 July 2017

Summary

The vulnerability in Artifex Ghostscript GhostXPS 9.21 arises from the xps_true_callback_glyph_name function, which can be exploited by remote attackers. By supplying a specially crafted file, an attacker can trigger a segmentation violation, resulting in an application crash. This flaw exposes the affected software to denial of service, significantly undermining its reliability and availability. Users are advised to take precautionary measures and apply relevant updates to mitigate the risks associated with this vulnerability.

References

https://security.gentoo.org/glsa/201811-12
vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/99988
vdb-entryx_refsource_BID
https://bugs.ghostscript.com/show_bug.cgi?id=698042
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.