PT-2019-8030 · Artifex+1 · Artifex Ghostscript+1

Jasper Yu

Published

2019-05-23

Updated

2019-05-27

CVE-2017-15652

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript version 9.22

Description The issue allows an attacker to obtain sensitive information by opening a postscript file through Ghostscript. The affected components include the source code file, function, executable, and libga, which is also used by ImageMagick, making it affected as well.

Recommendations For Artifex Ghostscript version 9.22, consider restricting access to postscript files until a fix is available. As a temporary workaround, avoid using the affected libga component, which is also used by ImageMagick, to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-15652

Affected Products

Artifex Ghostscript

Imagemagick

PT-2019-8030 · Artifex+1 · Artifex Ghostscript+1

CVE-2017-15652

Weakness Enumeration

Related Identifiers

Affected Products

References · 11