CVE-2017-15652

Published: May 23, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.

Affected (1)

Products: Artifex: Ghostscript

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Version 9.22

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e

Source: cve@mitre.org

http://www.securityfocus.com/bid/108463

Source: cve@mitre.org

https://bugs.ghostscript.com/show_bug.cgi?id=698676

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/108463

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.ghostscript.com/show_bug.cgi?id=698676

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

Timeline

No history available yet.