7.5
CVSSv2

CVE-2016-7979

Published: 23/05/2017 Updated: 05/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Ghostscript prior to 9.21 might allow remote malicious users to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

Affected Products

Vendor Product Versions
ArtifexGhostscript9.20

Vendor Advisories

Synopsis Moderate: ghostscript security update Type/Severity Security Advisory: Moderate Topic An update for ghostscript is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis Moderate: ghostscript security update Type/Severity Security Advisory: Moderate Topic An update for ghostscript is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...
It was found that the ghostscript function initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw A specially crafted postscript document could cause a crash code execution in the context of the gs process ...
Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file ...
Debian Bug report logs - #839260 ghostscript: CVE-2016-7976: various userparams allow %pipe% in paths, allowing remote shell command execution Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported b ...
Debian Bug report logs - #839841 ghostscript: CVE-2016-7977: libfile doesn't check PermitFileReading array, allowing remote file disclosure Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported by: ...
Debian Bug report logs - #840451 ghostscript: CVE-2016-8602 Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Oct 2016 17:21:02 UTC Severity: grave Tags: patch, security, upstream Fo ...
Debian Bug report logs - #839845 ghostscript: CVE-2016-7978: reference leak in setdevice allows use-after-free and remote code execution Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, ...
Debian Bug report logs - #839118 ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode&gt ...
Debian Bug report logs - #839846 ghostscript: CVE-2016-7979: type confusion in initialize_dsc_parser allows remote code execution Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 5 Oct ...
It was found that the ghostscript functions getenv, filenameforall and libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target (CVE-2 ...
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or information disclosure if a specially crafted Postscript file is processed For the stable distribution (jessie), these problems have been fixed in version 906~dfsg-2+deb8u3 We recommend that you upgrade ...
Oracle VM Server for x86 Bulletin - January 2017 Description The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin Oracle VM Server for x86 Bulletins are pub ...
Oracle Solaris Third Party Bulletin - July 2018 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...
Oracle Linux Bulletin - January 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...