Описание
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ghostscript | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | ghostscript | Will not fix | ||
| Red Hat Enterprise Linux 6 | ghostscript | Fixed | RHSA-2017:0014 | 04.01.2017 |
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2017:0013 | 04.01.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS3
5.1 Medium
CVSS2
Связанные уязвимости
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
EPSS
5.8 Medium
CVSS3
5.1 Medium
CVSS2