CVE-2016-7977

Published: May 23, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

Affected (1)

Products: Artifex: Ghostscript

Artifex

1 product

Ghostscript

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Up to 9.20

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2017-0013.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2017-0014.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3691

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/09/29/28

Source: cve@mitre.org

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2016/10/05/15

Source: cve@mitre.org

Mailing ListPatch

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/95334

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.ghostscript.com/show_bug.cgi?id=697169

Source: cve@mitre.org

Issue TrackingPatch

https://ghostscript.com/doc/9.21/History9.htm

Source: cve@mitre.org

Release Notes

https://security.gentoo.org/glsa/201702-31

Source: cve@mitre.org

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70