PT-2019-8030 · Artifex+1 · Artifex Ghostscript+1

Jasper Yu

Publicado

2019-05-23

Atualizado

2019-05-27

CVE-2017-15652

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript version 9.22

Description The issue allows an attacker to obtain sensitive information by opening a postscript file through Ghostscript. The affected components include the source code file, function, executable, and libga, which is also used by ImageMagick, making it affected as well.

Recommendations For Artifex Ghostscript version 9.22, consider restricting access to postscript files until a fix is available. As a temporary workaround, avoid using the affected libga component, which is also used by ImageMagick, to minimize the risk of exploitation.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2017-15652

Produtos afetados

Artifex Ghostscript

Imagemagick

PT-2019-8030 · Artifex+1 · Artifex Ghostscript+1

CVE-2017-15652

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11