CVE-2017-9620
Publication date 26 July 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.
Status
Package | Ubuntu Release | Status |
---|---|---|
ghostscript | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release |
Notes
seth-arnold
Doublecheck if this breaks ABI (might be harmless)
leosilva
trusty and xenial hasn't xps code, so aren't affected zesty and artful aren't affected, xps code is not compiled
Patch details
Package | Patch details |
---|---|
ghostscript |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |