2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2017-9835" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2017-07-26T19:29:00.570" ,
2023-11-07 21:03:21 +00:00
"lastModified" : "2023-11-07T02:50:53.877" ,
"vulnStatus" : "Modified" ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c."
} ,
{
"lang" : "es" ,
"value" : "La funci\u00f3n gs_alloc_ref_array en psi/ialloc.c en Artifex Ghostscript versi\u00f3n 9.21 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (DoS) (desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria y bloqueo de la aplicaci\u00f3n) o posiblemente tener otro impacto no especificado por medio de un documento PostScript creado. Esto est\u00e1 relacionado con la falta de una comprobaci\u00f3n de desbordamiento de enteros en base/gsalloc.c."
}
] ,
"metrics" : {
"cvssMetricV30" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P" ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "PARTIAL" ,
"baseScore" : 6.8
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-190"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0BC5891C-6572-4B5F-9249-DADE456F6510"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DEECE5FC-CACF-4496-A3E7-164736409252"
}
]
}
]
}
] ,
"references" : [
{
2023-11-07 21:03:21 +00:00
"url" : "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=cfde94be1d4286bc47633c6e6eaf4e659bd78066" ,
"source" : "cve@mitre.org"
2023-04-24 12:24:31 +02:00
} ,
{
"url" : "http://www.debian.org/security/2017/dsa-3986" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/99991" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697985" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://security.gentoo.org/glsa/201811-12" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
}
]
}
