Vulnerability Details CVE-2016-7976
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.69
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git%3Ba=commit%3Bh=6d444c273da5499a4cd72f21cb6d4c9a5256807d
- http://www.debian.org/security/2016/dsa-3691
- http://www.openwall.com/lists/oss-security/2016/10/19/6
- http://www.securityfocus.com/bid/95332
- https://bugs.ghostscript.com/show_bug.cgi?id=697178
- https://security.gentoo.org/glsa/201702-31
- http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git%3Ba=commit%3Bh=6d444c273da5499a4cd72f21cb6d4c9a5256807d
- http://www.debian.org/security/2016/dsa-3691
- http://www.openwall.com/lists/oss-security/2016/10/19/6
- http://www.securityfocus.com/bid/95332
- https://bugs.ghostscript.com/show_bug.cgi?id=697178
- https://security.gentoo.org/glsa/201702-31
Products affected by CVE-2016-7976
-
cpe:2.3:a:artifex:ghostscript:9.18
-
cpe:2.3:a:artifex:ghostscript:9.20