CVE-2016-7977

{"id": "CVE-2016-7977", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-05-23T04:29:01.523", "references": [{"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2016/dsa-3691", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/09/29/28", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/10/05/15", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95334", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697169", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}, {"url": "https://ghostscript.com/doc/9.21/History9.htm", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201702-31", "source": "cve@mitre.org"}, {"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2016/dsa-3691", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2016/09/29/28", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2016/10/05/15", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/95334", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697169", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ghostscript.com/doc/9.21/History9.htm", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201702-31", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document."}, {"lang": "es", "value": "Ghostscript anterior a la versi\u00f3n 9.21 podr\u00eda permitir que los atacantes remotos eludieran el mecanismo de protecci\u00f3n del modo SAFER y, en consecuencia, leyeran archivos arbitrarios mediante el uso del operador .libfile en un documento Postscript manipulado."}], "lastModified": "2024-11-21T02:58:49.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E3E6A8E-786F-4796-A27F-88FFCA10CBCC", "versionEndIncluding": "9.20"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}