CVE-2016-8602
ghostscript: check for sufficient params in .sethalftone5
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
La función .sethalftone5 en psi/zht2.c en Ghostscript en versiones anteriores a 9.21 permite a los atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un documento Postscript que llama a .sethalftone5 con una pila de operandos vacía.
It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-11 CVE Reserved
- 2016-12-02 CVE Published
- 2024-07-15 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-704: Incorrect Type Conversion or Cast
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=f5c7555c303 | X_refsource_confirm | |
http://www.securityfocus.com/bid/95311 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/10/11/5 | 2023-11-07 | |
http://www.openwall.com/lists/oss-security/2016/10/11/7 | 2023-11-07 | |
https://bugs.ghostscript.com/show_bug.cgi?id=697203 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1383940 | 2017-01-04 | |
https://ghostscript.com/doc/9.21/History9.htm | 2023-11-07 |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2017-0013.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0014.html | 2023-11-07 | |
http://www.debian.org/security/2016/dsa-3691 | 2023-11-07 | |
https://security.gentoo.org/glsa/201702-31 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2016-8602 | 2017-01-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Artifex Search vendor "Artifex" | Ghostscript Search vendor "Artifex" for product "Ghostscript" | <= 9.20 Search vendor "Artifex" for product "Ghostscript" and version " <= 9.20" | - |
Affected
|