CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
http://rhn.redhat.com/errata/RHSA-2017-0013.html
http://rhn.redhat.com/errata/RHSA-2017-0014.html
http://www.debian.org/security/2016/dsa-3691
http://www.openwall.com/lists/oss-security/2016/09/29/28	Mailing List Patch
http://www.openwall.com/lists/oss-security/2016/10/05/15	Mailing List Patch
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/95334	Third Party Advisory VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=697169	Issue Tracking Patch
https://ghostscript.com/doc/9.21/History9.htm	Release Notes
https://security.gentoo.org/glsa/201702-31
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
http://rhn.redhat.com/errata/RHSA-2017-0013.html
http://rhn.redhat.com/errata/RHSA-2017-0014.html
http://www.debian.org/security/2016/dsa-3691
http://www.openwall.com/lists/oss-security/2016/09/29/28	Mailing List Patch
http://www.openwall.com/lists/oss-security/2016/10/05/15	Mailing List Patch
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/95334	Third Party Advisory VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=697169	Issue Tracking Patch
https://ghostscript.com/doc/9.21/History9.htm	Release Notes
https://security.gentoo.org/glsa/201702-31

Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:58

Type	Values Removed	Values Added
References	~~() http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 -~~	() http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 -
References	~~() http://rhn.redhat.com/errata/RHSA-2017-0013.html -~~	() http://rhn.redhat.com/errata/RHSA-2017-0013.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2017-0014.html -~~	() http://rhn.redhat.com/errata/RHSA-2017-0014.html -
References	~~() http://www.debian.org/security/2016/dsa-3691 -~~	() http://www.debian.org/security/2016/dsa-3691 -
References	~~() http://www.openwall.com/lists/oss-security/2016/09/29/28 - Mailing List, Patch~~	() http://www.openwall.com/lists/oss-security/2016/09/29/28 - Mailing List, Patch
References	~~() http://www.openwall.com/lists/oss-security/2016/10/05/15 - Mailing List, Patch~~	() http://www.openwall.com/lists/oss-security/2016/10/05/15 - Mailing List, Patch
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html -
References	~~() http://www.securityfocus.com/bid/95334 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/95334 - Third Party Advisory, VDB Entry
References	~~() https://bugs.ghostscript.com/show_bug.cgi?id=697169 - Issue Tracking, Patch~~	() https://bugs.ghostscript.com/show_bug.cgi?id=697169 - Issue Tracking, Patch
References	~~() https://ghostscript.com/doc/9.21/History9.htm - Release Notes~~	() https://ghostscript.com/doc/9.21/History9.htm - Release Notes
References	~~() https://security.gentoo.org/glsa/201702-31 -~~	() https://security.gentoo.org/glsa/201702-31 -

Information

Published : 2017-05-23 04:29

Updated : 2025-04-20 01:37

NVD link : CVE-2016-7977

Mitre link : CVE-2016-7977

CVE.ORG link : CVE-2016-7977

JSON object : View

Products Affected

artifex

ghostscript

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2016-7977", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-05-23T04:29:01.523", "references": [{"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2016/dsa-3691", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/09/29/28", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/10/05/15", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95334", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697169", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}, {"url": "https://ghostscript.com/doc/9.21/History9.htm", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201702-31", "source": "cve@mitre.org"}, {"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2016/dsa-3691", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2016/09/29/28", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2016/10/05/15", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/95334", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697169", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ghostscript.com/doc/9.21/History9.htm", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201702-31", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document."}, {"lang": "es", "value": "Ghostscript anterior a la versi\u00f3n 9.21 podr\u00eda permitir que los atacantes remotos eludieran el mecanismo de protecci\u00f3n del modo SAFER y, en consecuencia, leyeran archivos arbitrarios mediante el uso del operador .libfile en un documento Postscript manipulado."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E3E6A8E-786F-4796-A27F-88FFCA10CBCC", "versionEndIncluding": "9.20"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2016-7977

5.5^/10

4.3^/10

Attach tags to `CVE-2016-7977`