CVE-2016-7979

Опубликовано: 23 мая 2017

Источник: debian

EPSS Низкий

Описание

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ghostscript	fixed	9.19~dfsg-3.1		package

Примечания

Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
https://www.openwall.com/lists/oss-security/2016/10/05/7
https://www.openwall.com/lists/oss-security/2016/10/05/19

EPSS

Процентиль: 81%

0.01608

Низкий

Связанные уязвимости

CVE-2016-7979

CVSS3: 9.8

ubuntu

больше 8 лет назад

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

CVE-2016-7979

CVSS3: 5.8

redhat

около 9 лет назад

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

CVE-2016-7979

CVSS3: 9.8

nvd

больше 8 лет назад

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

GHSA-vwgm-gwqf-q8px

CVSS3: 9.8

github

больше 3 лет назад

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

openSUSE-SU-2016:2574-1

suse-cvrf

около 9 лет назад

Security update for ghostscript-library

EPSS

Процентиль: 81%

0.01608

Низкий