Vulnerability Description
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | Ghostscript | 9.21 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=671fd59eb657743aa86fbc
- http://www.debian.org/security/2017/dsa-3986Third Party Advisory
- http://www.securitytracker.com/id/1039233Third Party AdvisoryVDB Entry
- https://bugs.ghostscript.com/show_bug.cgi?id=698158Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/201811-12Third Party Advisory
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=671fd59eb657743aa86fbc
- http://www.debian.org/security/2017/dsa-3986Third Party Advisory
- http://www.securitytracker.com/id/1039233Third Party AdvisoryVDB Entry
- https://bugs.ghostscript.com/show_bug.cgi?id=698158Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/201811-12Third Party Advisory
FAQ
What is CVE-2017-11714?
CVE-2017-11714 is a vulnerability with a CVSS score of 7.8 (HIGH). psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecifi...
How severe is CVE-2017-11714?
CVE-2017-11714 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11714?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Debian Debian Linux.