CVSS: 7.8EPSS: 52%CPEs: 20EXPL: 2CVE-2017-8291 – Artifex Ghostscript Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-8291
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Artifex Ghostscript permite sobrepasar -dSAFER y la ejecución de comandos remotos a través de una vulnerabilidad de type confusion en .rsdparams con una subcadena "/ OutputFile (% pipe%" en un documento .eps que se utilice como entrada al gs. It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile. • https://www.exploit-db.com/exploits/41955 http://openwall.com/lists/oss-security/2017/04/28/2 http://www.debian.org/security/2017/dsa-3838 http://www.securityfocus.com/bid/98476 https://access.redhat.com/errata/RHSA-2017:1230 https://bugs.ghostscript.com/show_bug.cgi?id=697808 https://bugzilla.redhat.com/show_bug.cgi?id=1446063 https://bugzilla.suse.com/show_bug.cgi?id=1036453 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7948
https://notcve.org/view.php?id=CVE-2017-7948
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. Desbordamiento de entero en la función mark_curve en Artifex Ghostscript 9.21 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída de aplicación) o posiblemente tener otro impacto no especificado a través de un documento PostScript manipulado. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8210a2864372723b49c526e2b102fdc00c9c4699 https://bugs.ghostscript.com/show_bug.cgi?id=697762 https://security.gentoo.org/glsa/201811-12 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10317
https://notcve.org/view.php?id=CVE-2016-10317
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. La función fill_threshhold_buffer en base/gxht_thresh.c en Artifex Software, Inc. Ghostscript 9.20 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un documento PostScript manipulado. • http://www.securityfocus.com/bid/97410 https://bugs.ghostscript.com/show_bug.cgi?id=697459 https://usn.ubuntu.com/3636-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10219
https://notcve.org/view.php?id=CVE-2016-10219
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. La función intersect en base/gxfill.c en Artifex Software, Inc. Ghostscript 9.20 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación) a través de un archivo manipulado. • http://www.debian.org/security/2017/dsa-3838 http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f https://bugs.ghostscript.com/show_bug.cgi?id=697453 https://security.gentoo.org/glsa/201708-06 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5951
https://notcve.org/view.php?id=CVE-2017-5951
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. La función mem_get_bits_rectangle en base/gdevmem.c en Artifex Software, Inc. Ghostscript 9.20 permite a atacantes remotos provocar una denegación de servicio (referencia al puntero NULL y caída de la aplicación) a través de un archivo manipulado. • http://www.debian.org/security/2017/dsa-3838 http://www.securityfocus.com/bid/98665 https://bugs.ghostscript.com/show_bug.cgi?id=697548 https://security.gentoo.org/glsa/201708-06 • CWE-476: NULL Pointer Dereference •