Heap-based Buffer Over-read in Artifex Ghostscript GhostXPS
CVE-2017-9727

7.8 HIGH

Key Information:

Vendor: Artifex
CVE Published: 26 July 2017

Summary

The gx_ttfReader__Read function in Artifex Ghostscript GhostXPS version 9.21 is vulnerable to a heap-based buffer over-read. A remote attacker can trigger it with a crafted document, causing a denial of service (application crash) or possibly other, unspecified impact. Users and administrators are advised to review the provided resources for more details and apply the necessary updates to mitigate this risk.

References

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
