ID CVE-2017-7207
Summary The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:9.20
CVSS
Base: 4.3 (as of 23-03-2017 - 07:00)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
redhat via4
advisories
bugzilla
id 1436273
title ghostscript update cause symbol lookup error
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment ghostscript is earlier than 0:9.07-28.el7
        oval oval:com.redhat.rhsa:tst:20172180007
      • comment ghostscript is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120095006
    • AND
      • comment ghostscript-cups is earlier than 0:9.07-28.el7
        oval oval:com.redhat.rhsa:tst:20172180011
      • comment ghostscript-cups is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20170013010
    • AND
      • comment ghostscript-devel is earlier than 0:9.07-28.el7
        oval oval:com.redhat.rhsa:tst:20172180009
      • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120095010
    • AND
      • comment ghostscript-doc is earlier than 0:9.07-28.el7
        oval oval:com.redhat.rhsa:tst:20172180013
      • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120095012
    • AND
      • comment ghostscript-gtk is earlier than 0:9.07-28.el7
        oval oval:com.redhat.rhsa:tst:20172180005
      • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120095008
rhsa
id RHSA-2017:2180
released 2017-08-01
severity Low
title RHSA-2017:2180: ghostscript security and bug fix update (Low)
rpms
  • ghostscript-0:9.07-28.el7
  • ghostscript-cups-0:9.07-28.el7
  • ghostscript-devel-0:9.07-28.el7
  • ghostscript-doc-0:9.07-28.el7
  • ghostscript-gtk-0:9.07-28.el7
refmap via4
bid 96995
confirm
debian DSA-3838
gentoo GLSA-201708-06
sectrack 1039071
Last major update 23-03-2017 - 09:16
Published 21-03-2017 - 02:59
Last modified 03-11-2017 - 21:29