Описание
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ghostscript | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | ghostscript | Will not fix | ||
| Red Hat Enterprise Linux 6 | ghostscript | Fixed | RHSA-2017:0014 | 04.01.2017 |
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2017:0013 | 04.01.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS3
5.1 Medium
CVSS2
Связанные уязвимости
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 al ...
EPSS
5.8 Medium
CVSS3
5.1 Medium
CVSS2