CVE-2016-7977 : Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode pr

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

Published 2017-05-23 04:29:02

Updated 2018-01-18 18:18:08

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2016-7977

Artifex » Ghostscript
Versions up to, including, (<=) 9.20
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-7977

EPSS FAQ

0.76%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 72 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-7977

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2016-7977

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7977

http://www.openwall.com/lists/oss-security/2016/10/05/15

oss-security - Re: CVE Request - multiple ghostscript -dSAFER sandbox problems
Mailing List;Patch

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3691

Debian -- Security Information -- DSA-3691-1 ghostscript

CVEs referencing this url
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70

git.ghostscript.com Git - ghostpdl.git/commitdiff
Patch
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Oracle Critical Patch Update - January 2018

CVEs referencing this url
https://security.gentoo.org/glsa/201702-31

GPL Ghostscript: Multiple vulnerabilities (GLSA 201702-31) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/95334

Ghostscript CVE-2016-7977 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2017-0014.html

RHSA-2017:0014 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://ghostscript.com/doc/9.21/History9.htm

History of Ghostscript Versions 9.n
Release Notes

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2017-0013.html

RHSA-2017:0013 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/09/29/28

oss-security - Re: ImageMagick identify "d:" hangs
Mailing List;Patch

CVEs referencing this url
https://bugs.ghostscript.com/show_bug.cgi?id=697169

697169 – .libfile does not honor -dSAFER
Issue Tracking;Patch

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-7977

Products affected by CVE-2016-7977

Exploit prediction scoring system (EPSS) score for CVE-2016-7977

CVSS scores for CVE-2016-7977

CWE ids for CVE-2016-7977

References for CVE-2016-7977