CVE-2017-11714
Description
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.335
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Ghostscript 9.21 | Windows |
| PostScript and PDF interpreter (USN-3272-2) libgs9_9.10~dfsg-0ubuntu10.10_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9_9.18~dfsg~0-0ubuntu2.7_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9_9.18~dfsg~0-0ubuntu2.7_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9_9.19~dfsg+1-0ubuntu7.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9_9.19~dfsg+1-0ubuntu7.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript_9.18~dfsg~0-0ubuntu2.7_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript_9.18~dfsg~0-0ubuntu2.7_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript_9.19~dfsg+1-0ubuntu7.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript_9.19~dfsg+1-0ubuntu7.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript-x_9.10~dfsg-0ubuntu10.10_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript-x_9.18~dfsg~0-0ubuntu2.7_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript-x_9.18~dfsg~0-0ubuntu2.7_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript-x_9.19~dfsg+1-0ubuntu7.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript-x_9.19~dfsg+1-0ubuntu7.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9-common_9.10~dfsg-0ubuntu10.10_all.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9-common_9.18~dfsg~0-0ubuntu2.7_all.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9-common_9.19~dfsg+1-0ubuntu7.6_all.deb | Linux |
| Ghostscript 9.10 dfsg-0ubuntu10.9 for Ubuntu 14.04 LTS (x64) ghostscript_9.10~dfsg-0ubuntu10.10_amd64.deb | Linux |
| Ghostscript 9.18 dfsg 0-0ubuntu2.6 for Ubuntu 16.04 LTS (x64) ghostscript_9.18~dfsg~0-0ubuntu2.7_amd64.deb | Linux |
| Ghostscript 9.19 dfsg 1-0ubuntu7.4 for Ubuntu 17.04 (x64) ghostscript_9.19~dfsg+1-0ubuntu7.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3403-1) ghostscript_9.19~dfsg+1-0ubuntu7.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3403-1) ghostscript_9.19~dfsg+1-0ubuntu7.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3403-1) ghostscript-x_9.19~dfsg+1-0ubuntu7.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3403-1) ghostscript-x_9.19~dfsg+1-0ubuntu7.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3403-1) libgs9_9.19~dfsg+1-0ubuntu7.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3403-1) libgs9_9.19~dfsg+1-0ubuntu7.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3403-1) libgs9-common_9.19~dfsg+1-0ubuntu7.6_all.deb | Linux |
| SUSE-SU-2018:0407-1(SUSE Linux Enterprise Desktop 12-SP2 ) ghostscript-9.15-23.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0407-1(SUSE Linux Enterprise Desktop 12-SP2 ) ghostscript-debuginfo-9.15-23.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0407-1(SUSE Linux Enterprise Desktop 12-SP2 ) ghostscript-debugsource-9.15-23.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0407-1(SUSE Linux Enterprise Desktop 12-SP2 ) ghostscript-x11-9.15-23.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0407-1(SUSE Linux Enterprise Desktop 12-SP2 ) ghostscript-x11-debuginfo-9.15-23.7.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234