CVE-2016-7978

Published: May 23, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.

Affected (1)

Products: Artifex: Ghostscript

Artifex

1 product

Ghostscript

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Version 9.20

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (12)

http://rhn.redhat.com/errata/RHSA-2017-0013.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3691

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/10/05/15

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95336

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.ghostscript.com/show_bug.cgi?id=697179

Source: cve@mitre.org

Issue TrackingPatch

https://security.gentoo.org/glsa/201702-31

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2017-0013.html