CVE-2016-7976 — Improper Input Validation in Ghostscript

CWE-20 — Improper Input Validation10 documents9 sources

Severity

8.8HIGHNVD

OSV5.5

EPSS

46.8%

top 2.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript

Timeline

PublishedAug 7

Latest updateMay 17

Description

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Debianartifex/ghostscript< 9.19~dfsg-3.1+3

▶Ubuntuartifex/ghostscript< 9.10~dfsg-0ubuntu10.5+1

▶NVDartifex/ghostscript9.18, 9.20+1

🔴Vulnerability Details

GHSA

GHSA-9v96-pr6j-ghxc: The PS Interpreter in Ghostscript 9↗2022-05-17

▶

CVEList

CVE-2016-7976: The PS Interpreter in Ghostscript 9↗2017-08-07

▶

OSV

CVE-2016-7976: The PS Interpreter in Ghostscript 9↗2017-08-07

▶

OSV

ghostscript vulnerabilities↗2016-12-02

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2016-12-02

▶

Red Hat

ghostscript: various userparams allow %pipe% in paths, allowing remote shell↗2016-09-30

▶

Debian

CVE-2016-7976: ghostscript - The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execu...↗2016

▶

💬Community

Bugzilla

CVE-2016-7976 ghostscript: various userparams allow %pipe% in paths, allowing remote shell↗2016-10-06

▶