CVE-2016-7978
published 2017-05-23CVE-2016-7978: Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | — | — |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.10~dfsg-0ubuntu10.5 | 9.10~dfsg-0ubuntu10.5 |
| artifex | ghostscript | >= 0 < 9.18~dfsg~0-0ubuntu2.2 | 9.18~dfsg~0-0ubuntu2.2 |
| debian | ghostscript | < ghostscript 9.19~dfsg-3.1 (bookworm) | ghostscript 9.19~dfsg-3.1 (bookworm) |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL