CVE-2017-11714
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
El archivo psi/ztoken.c en Artifex Ghostscript versión 9.21, maneja inapropiadamente las referencias a la estructura de estado del escáner, que permite a los atacantes remotos generar una denegación de servicio (bloqueo de aplicación) o posiblemente tener otro impacto no especificado por medio de un documento PostScript creado, relacionado con una lectura fuera de limites de la función igc_reloc_struct_ptr en el archivo psi/igc.c.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-07-27 CVE Reserved
- 2017-07-28 CVE Published
- 2023-12-13 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=671fd59eb657743aa86fbc1895cb15872a317caa | X_refsource_confirm | |
| http://www.securitytracker.com/id/1039233 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.ghostscript.com/show_bug.cgi?id=698158 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3986 | 2023-11-07 | |
| https://security.gentoo.org/glsa/201811-12 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Artifex Search vendor "Artifex" | Ghostscript Search vendor "Artifex" for product "Ghostscript" | 9.21 Search vendor "Artifex" for product "Ghostscript" and version "9.21" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||