ID CVE-2017-6196
Summary Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:afpl_ghostscript:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:6.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:6.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:6.50:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:6.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:7.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.03:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:7.03:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:7.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.11:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.12:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.13:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.14:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.50:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.51:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.51:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.52:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.52:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.53:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.53:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.54:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:afpl_ghostscript:8.54:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 22-08-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 96428
confirm
gentoo GLSA-201708-06
sectrack 1037899
Last major update 22-08-2017 - 01:29
Published 24-02-2017 - 04:59
Last modified 22-08-2017 - 01:29
Back to Top