CVE-2017-9620

Published: Jul 26, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.

Affected (1)

Products: Artifex: Ghostscript Ghostxps

1 product

Ghostscript Ghostxps

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript Ghostxps	Version 9.21

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (8)

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3ee55637480d5e319a5de0481b01c3346855cbc9

Source: cve@mitre.org

http://www.securityfocus.com/bid/99990

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.ghostscript.com/show_bug.cgi?id=698050

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201811-12

Source: cve@mitre.org

Third Party Advisory

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3ee55637480d5e319a5de0481b01c3346855cbc9

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/99990

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.ghostscript.com/show_bug.cgi?id=698050

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201811-12

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.