CVE-2017-15652 — MEDIUM (5.5)

Vulnerability Description

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Artifex	Ghostscript	9.22

Related Weaknesses (CWE)

CWE-200

References

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e
http://www.securityfocus.com/bid/108463
https://bugs.ghostscript.com/show_bug.cgi?id=698676ExploitPatchVendor Advisory
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e
http://www.securityfocus.com/bid/108463
https://bugs.ghostscript.com/show_bug.cgi?id=698676ExploitPatchVendor Advisory

FAQ

What is CVE-2017-15652?

CVE-2017-15652 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected ...

How severe is CVE-2017-15652?

CVE-2017-15652 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15652?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript.