Описание
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 6 | ghostscript | Not affected | ||
| Red Hat OpenShift Enterprise 2 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2017:0013 | 04.01.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS3
5.1 Medium
CVSS2
Связанные уязвимости
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
EPSS
5.8 Medium
CVSS3
5.1 Medium
CVSS2