CVE-2016-10220
Debian Security Advisory 3838-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.
La función gs_makewordimagedevice en base/gsdevmem.c en Artifex Software, Inc. Ghostscript 9.20 permite a atacantes remotos provocar una denegación de servicio (referencia al puntero NULL y caída de la aplicación) a través de un archivo manipulado que no es manejado correctamente en el modulo PDF Transparency.
It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-09 CVE Reserved
- 2017-04-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugs.ghostscript.com/show_bug.cgi?id=697450 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3838 | 2017-11-04 | |
http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8 | 2017-11-04 | |
https://security.gentoo.org/glsa/201708-06 | 2017-11-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Artifex Search vendor "Artifex" | Ghostscript Search vendor "Artifex" for product "Ghostscript" | 9.20 Search vendor "Artifex" for product "Ghostscript" and version "9.20" | - |
Affected
|