Published: 26/07/2017 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex ghostscript 9.21
debian debian linux 8.0
debian debian linux 9.0

Several security issues were fixed in Ghostscript ...

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed For the oldstable distribution (jessie), these problems have been fixed in version 906~dfsg-2+deb8u6 For the stable distribution (stretch), these problems have been ...

Debian Bug report logs - #869916 ghostscript: CVE-2017-9612: heap-use-after-free in Ins_IP(base/ttinterpc) Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Jul 2017 15:27:02 UTC Sev ...

Debian Bug report logs - #869917 ghostscript: CVE-2017-9611: heap-buffer-overflow in Ins_MIRP(base/ttinterpc) Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Jul 2017 15:27:04 UTC ...

Debian Bug report logs - #869907 ghostscript: CVE-2017-9835: heap-buffer-overflow in gs_alloc_ref_array(iallocc) Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Jul 2017 14:45:01 UT ...

Debian Bug report logs - #869913 ghostscript: CVE-2017-9727: heap-buffer-overflow in gx_ttfReader__Read(base/gxttfbc) Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Jul 2017 15:09: ...

Debian Bug report logs - #869910 ghostscript: CVE-2017-9739: heap-buffer-overflow in Ins_JMPR Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Jul 2017 14:57:04 UTC Severity: grave T ...

Debian Bug report logs - #869977 ghostscript: CVE-2017-11714: Out of bounds read in igc_reloc_struct_ptr() Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 28 Jul 2017 10:51:02 UTC Seve ...

Debian Bug report logs - #869915 ghostscript: CVE-2017-9726: heap-use-after-free in Ins_MDRP(base/ttinterpc) Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Jul 2017 15:24:01 UTC S ...

CWE-190 https://bugs.ghostscript.com/show_bug.cgi?id=697985 http://www.securityfocus.com/bid/99991 http://www.debian.org/security/2017/dsa-3986 https://security.gentoo.org/glsa/201811-12 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=cfde94be1d4286bc47633c6e6eaf4e659bd78066 https://usn.ubuntu.com/3403-1/https://nvd.nist.gov

Get Started

CVE-2017-9835

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect