CVE-2017-6196Use After Free in Afpl Ghostscript

CWE-416Use After Free8 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 42.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex GhostscriptArtifex Afpl Ghostscript
Timeline
PublishedFeb 24
Latest updateMay 17

Description

Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Ubuntuartifex/ghostscript< 9.10~dfsg-0ubuntu10.6+1
NVDartifex/afpl_ghostscript8452f9238959a4d518af365812bf031fe4d8d4b7

Patches

Patch: bugs.ghostscript.comPatch: bugs.ghostscript.com

🔴Vulnerability Details

3
GHSA
GHSA-2ch2-m5qc-grp2: Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel2022-05-17
OSV
CVE-2017-6196: Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel2017-02-24
CVEList
CVE-2017-6196: Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel2017-02-24

📋Vendor Advisories

2
Red Hat
ghostscript: Multiple use-after-free vulnerabilities in gx_image_enum_begin function2017-02-20
Debian
CVE-2017-6196: ghostscript - Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in b...2017

💬Community

2
Bugzilla
CVE-2017-6196 ghostscript: Multiple use-after-free vulnerabilities in gx_image_enum_begin function [fedora-all]2017-02-28
Bugzilla
CVE-2017-6196 ghostscript: Multiple use-after-free vulnerabilities in gx_image_enum_begin function2017-02-28
CVE-2017-6196 — Use After Free in Afpl Ghostscript | cvebase