CVE-2017-6196
HIGHafpl_ghostscript < 8452f9238959a4d518af365812bf031fe4d8d4b7 - Use-After-Free in gx_image_enum_begin
Title source: llmDescription
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037899
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96428
Patch x_refsource_confirm
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ecceafe3abba2714ef9b432035fe0739d9b1a283
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201708-06
Issue Tracking, Patch x_refsource_confirm
https://bugs.ghostscript.com/show_bug.cgi?id=697596
Scores
CVSS v3
7.8
EPSS
0.0035
EPSS Percentile
57.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
artifex/afpl_ghostscript
< 8452f9238959a4d518af365812bf031fe4d8d4b7
Published
Feb 24, 2017
Tracked Since
Feb 18, 2026