CVE-2017-8908 — Out-of-bounds Read in Ghostscript

CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 39.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript

Timeline

PublishedMay 12

Latest updateMay 17

Description

The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianartifex/ghostscript< 9.22~dfsg-1+3

▶NVDartifex/ghostscript9.21

Patches

Patch: bugs.ghostscript.com ↗Patch: bugs.ghostscript.com ↗

🔴Vulnerability Details

GHSA

GHSA-wq9w-w8pf-99c8: The mark_line_tr function in gxscanc↗2022-05-17

▶

CVEList

CVE-2017-8908: The mark_line_tr function in gxscanc↗2017-05-12

▶

OSV

CVE-2017-8908: The mark_line_tr function in gxscanc↗2017-05-12

▶

📋Vendor Advisories

Red Hat

ghostscript: Out-of-bounds read in mark_line_tr function↗2017-04-29

▶

Debian

CVE-2017-8908: ghostscript - The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote...↗2017

▶

💬Community

Bugzilla

CVE-2017-8908 ghostscript: Out-of-bounds read in mark_line_tr function [fedora-all]↗2017-05-16

▶

Bugzilla

CVE-2017-8908 ghostscript: Out-of-bounds read in mark_line_tr function↗2017-05-16

▶