ID CVE-2015-3228
Summary Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:afpl_ghostscript:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:6.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:6.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.03:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.51:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.52:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.53:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.54:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 21-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 76017
confirm
debian DSA-3326
gentoo GLSA-201612-33
mlist [oss-security] 20150723 CVE-2015-3228 - Ghostscript - Integer overflow
sectrack 1033149
ubuntu USN-2697-1
Last major update 21-09-2017 - 01:29
Published 11-08-2015 - 14:59
Last modified 21-09-2017 - 01:29