CVE-2016-7977

Published: 23 May 2017
Source: debian

Description

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| ghostscript | fixed | 9.19~dfsg-3.1 | | package |

Notes

  • Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169

  • Reproducer: https://www.openwall.com/lists/oss-security/2016/09/29/28

  • Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70

  • https://www.openwall.com/lists/oss-security/2016/10/05/7

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 8 years ago

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

CVSS3: 6.2
redhat
about 9 years ago

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

CVSS3: 5.5
nvd
more than 8 years ago

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

CVSS3: 5.5
github
more than 3 years ago

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

suse-cvrf
about 9 years ago

Security update for ghostscript-library