CVE-2016-7978 - Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary c

CVE-2016-7978

Summary

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.

References

Vulnerable Configurations

cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2017:0013

rpms

ghostscript-0:9.07-20.el7_3.1
ghostscript-cups-0:9.07-20.el7_3.1
ghostscript-debuginfo-0:9.07-20.el7_3.1
ghostscript-devel-0:9.07-20.el7_3.1
ghostscript-doc-0:9.07-20.el7_3.1
ghostscript-gtk-0:9.07-20.el7_3.1

refmap via4

bid	95336
confirm	https://bugs.ghostscript.com/show_bug.cgi?id=697179
debian	DSA-3691
gentoo	GLSA-201702-31
mlist	[oss-security] 20161005 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems

Last major update

05-01-2018 - 02:31

Published

23-05-2017 - 04:29

Last modified

05-01-2018 - 02:31