CVE-2016-7977 — Sensitive Information Exposure in Ghostscript

CWE-200 — Sensitive Information Exposure13 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

1.4%

top 19.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript

Timeline

PublishedMay 23

Latest updateMay 14

Description

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianartifex/ghostscript< 9.19~dfsg-3.1+3

▶NVDartifex/ghostscript9.20

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugs.ghostscript.com ↗

🔴Vulnerability Details

GHSA

GHSA-cvc4-qjwp-hwhc: Ghostscript before 9↗2022-05-14

▶

OSV

CVE-2016-7977: Ghostscript before 9↗2017-05-23

▶

CVEList

CVE-2016-7977: Ghostscript before 9↗2017-05-23

▶

OSV

ghostscript vulnerabilities↗2016-12-02

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2016-12-02

▶

Red Hat

ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files↗2016-10-05

▶

Red Hat

ghostscript: .libfile does not honor -dSAFER↗2016-09-28

▶

Debian

CVE-2016-7977: ghostscript - Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode pr...↗2016

▶

💬Community

Bugzilla

CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER↗2016-09-29

▶

Bugzilla

CVE-2015-7977 ntp: restriction list NULL pointer dereference↗2016-01-20

▶