ID CVE-2017-7207
Summary The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1436273
title ghostscript update cause symbol lookup error
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment ghostscript is earlier than 0:9.07-28.el7
          oval oval:com.redhat.rhsa:tst:20172180001
        • comment ghostscript is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095009
      • AND
        • comment ghostscript-cups is earlier than 0:9.07-28.el7
          oval oval:com.redhat.rhsa:tst:20172180003
        • comment ghostscript-cups is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170013004
      • AND
        • comment ghostscript-devel is earlier than 0:9.07-28.el7
          oval oval:com.redhat.rhsa:tst:20172180005
        • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095011
      • AND
        • comment ghostscript-doc is earlier than 0:9.07-28.el7
          oval oval:com.redhat.rhsa:tst:20172180007
        • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095013
      • AND
        • comment ghostscript-gtk is earlier than 0:9.07-28.el7
          oval oval:com.redhat.rhsa:tst:20172180009
        • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095015
rhsa
id RHSA-2017:2180
released 2017-08-01
severity Low
title RHSA-2017:2180: ghostscript security and bug fix update (Low)
rpms
  • ghostscript-0:9.07-28.el7
  • ghostscript-cups-0:9.07-28.el7
  • ghostscript-debuginfo-0:9.07-28.el7
  • ghostscript-devel-0:9.07-28.el7
  • ghostscript-doc-0:9.07-28.el7
  • ghostscript-gtk-0:9.07-28.el7
refmap via4
bid 96995
confirm
debian DSA-3838
gentoo GLSA-201708-06
sectrack 1039071
Last major update 05-01-2018 - 02:31
Published 21-03-2017 - 06:59
Last modified 05-01-2018 - 02:31