CVE-2016-7979
published 2017-05-23CVE-2016-7979: Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | <= 9.20 | — |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.10~dfsg-0ubuntu10.5 | 9.10~dfsg-0ubuntu10.5 |
| artifex | ghostscript | >= 0 < 9.18~dfsg~0-0ubuntu2.2 | 9.18~dfsg~0-0ubuntu2.2 |
| debian | ghostscript | < ghostscript 9.19~dfsg-3.1 (bookworm) | ghostscript 9.19~dfsg-3.1 (bookworm) |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL