Alpaquita Linux
Security Advisory

CVE-2017-9620

Published: July 26, 2017Last modified: November 9, 2023

Description

The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.

Severity score breakdown

ParameterValue
Base score7.8
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSghostscriptNot affected (10.01.2-r0)
StreamghostscriptNot affected (10.01.2-r0)

References

ON THIS PAGE