CVE-2016-7977
published 2017-05-23CVE-2016-7977: Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the…
medium5.5CVSS 3.0
AVLACLPRNUIRSUCHINAN
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | <= 9.20 | — |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.21~dfsg-1 | 9.21~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.21~dfsg-1 | 9.21~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.21~dfsg-1 | 9.21~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.21~dfsg-1 | 9.21~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.10~dfsg-0ubuntu10.5 | 9.10~dfsg-0ubuntu10.5 |
| artifex | ghostscript | >= 0 < 9.18~dfsg~0-0ubuntu2.2 | 9.18~dfsg~0-0ubuntu2.2 |
| debian | ghostscript | < ghostscript 9.21~dfsg-1 (bookworm) | ghostscript 9.21~dfsg-1 (bookworm) |
| debian | ghostscript | < ghostscript 9.19~dfsg-3.1 (bookworm) | ghostscript 9.19~dfsg-3.1 (bookworm) |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
osv5.5MEDIUM