CVE-2017-7207 - NULL Pointer Dereference vulnerability in Artifex Ghostscript 9.20
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: CentOS Local Security Checks
  - NASL id: CENTOS_RHSA-2017-2180.NASL
  - description: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) :
    - A NULL pointer dereference flaw was found in ghostscript
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 102754
  - published: 2017-08-25
  - reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/102754
  - title: CentOS 7 : ghostscript (CESA-2017:2180)
- NASL family: Huawei Local Security Checks
  - NASL id: EULEROS_SA-2017-1145.NASL
  - description: According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
    - The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. (CVE-2017-7207)

    Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-05-06
  - modified: 2017-08-08
  - plugin id: 102232
  - published: 2017-08-08
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/102232
  - title: EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2017-1145)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2017-047CFFB598.NASL
  - description: Security fix for [CVE-2017-7207](https://bugzilla.redhat.com/show_bug.cgi?id=1434353). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2017-04-10
  - plugin id: 99255
  - published: 2017-04-10
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/99255
  - title: Fedora 25 : ghostscript (2017-047cffb598)
- NASL family: Huawei Local Security Checks
  - NASL id: EULEROS_SA-2017-1144.NASL
  - description: According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
    - The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. (CVE-2017-7207)

    Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-05-06
  - modified: 2017-08-08
  - plugin id: 102231
  - published: 2017-08-08
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/102231
  - title: EulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2017-1144)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2017-628B627EAC.NASL
  - description: Security fix for [CVE-2017-7207](https://bugzilla.redhat.com/show_bug.cgi?id=1434353). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2017-07-17
  - plugin id: 101645
  - published: 2017-07-17
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/101645
  - title: Fedora 26 : ghostscript (2017-628b627eac)
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-201708-06.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-201708-06 (GPL Ghostscript: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information.
    - Impact : A context-dependent attacker could entice a user to open a specially crafted PostScript file or PDF document using GPL Ghostscript possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.
    - Workaround : There is no known workaround at this time.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 102618
  - published: 2017-08-21
  - reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/102618
  - title: GLSA-201708-06 : GPL Ghostscript: Multiple vulnerabilities
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2017-1138-1.NASL
  - description: This update for ghostscript fixes the following security vulnerabilities :
    - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453)
    - CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128)
    - CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)
    - CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114)
    - CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263)

    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 99761
  - published: 2017-05-01
  - reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/99761
  - title: SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2017:1138-1)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2018-1140-1.NASL
  - description: This update for ghostscript-library fixes several issues. These security issues were fixed :
    - CVE-2017-7207: The mem_get_bits_rectangle function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document (bsc#1030263).
    - CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer overflow in jbig2_image_new function (bsc#1018128).
    - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891)
    - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889)
    - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888)
    - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887)
    - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184)
    - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879)
    - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138)
    - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643)

    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 109572
  - published: 2018-05-04
  - reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/109572
  - title: SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2018:1140-1)
- NASL family: Red Hat Local Security Checks
  - NASL id: REDHAT-RHSA-2017-2180.NASL
  - description: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) :
    - A NULL pointer dereference flaw was found in ghostscript
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 102114
  - published: 2017-08-02
  - reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/102114
  - title: RHEL 7 : ghostscript (RHSA-2017:2180)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2017-9A13090378.NASL
  - description: Security fix for [CVE-2017-7207](https://bugzilla.redhat.com/show_bug.cgi?id=1434353). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2017-04-20
  - plugin id: 99490
  - published: 2017-04-20
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/99490
  - title: Fedora 24 : ghostscript (2017-9a13090378)
- NASL family: Scientific Linux Local Security Checks
  - NASL id: SL_20170802_GHOSTSCRIPT_ON_SL7_X.NASL
  - description: Security Fix(es) :
    - A NULL pointer dereference flaw was found in ghostscript
  - last seen: 2020-03-18
  - modified: 2017-08-22
  - plugin id: 102663
  - published: 2017-08-22
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/102663
  - title: Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20170802)
- NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-3272-1.NASL
  - description: It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 99726
  - published: 2017-04-28
  - reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/99726
  - title: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ghostscript vulnerabilities (USN-3272-1)
- NASL family: Oracle Linux Local Security Checks
  - NASL id: ORACLELINUX_ELSA-2017-2180.NASL
  - description: From Red Hat Security Advisory 2017:2180 : An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) :
    - A NULL pointer dereference flaw was found in ghostscript
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 102298
  - published: 2017-08-09
  - reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/102298
  - title: Oracle Linux 7 : ghostscript (ELSA-2017-2180)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2017-1404-1.NASL
  - description: This update for ghostscript fixes the following security vulnerabilities :
    - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453)
    - CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128)
    - CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)
    - CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114)
    - CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263)

    This is a reissue of the previous update to also include SUSE Linux Enterprise 12 GA LTSS packages. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 100410
  - published: 2017-05-25
  - reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/100410
  - title: SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2017:1404-1)
- NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-3272-2.NASL
  - description: USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 100247
  - published: 2017-05-17
  - reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/100247
  - title: Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ghostscript regression (USN-3272-2)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2017-558.NASL
  - description: This update for ghostscript fixes the following security vulnerabilities :
    - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453)
    - CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128)
    - CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)
    - CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114)
    - CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263)

    This update was imported from the SUSE:SLE-12:Update update project.
  - last seen: 2020-06-05
  - modified: 2017-05-09
  - plugin id: 100041
  - published: 2017-05-09
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/100041
  - title: openSUSE Security Update : ghostscript (openSUSE-2017-558)
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DLA-1048.NASL
  - description: Several issues were found in Ghostscript, the GPL PostScript/PDF interpreter, which allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. For Debian 7
  - last seen: 2020-03-17
  - modified: 2017-08-02
  - plugin id: 102096
  - published: 2017-08-02
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/102096
  - title: Debian DLA-1048-1 : ghostscript security update
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-3838.NASL
  - description: Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 99741
  - published: 2017-05-01
  - reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/99741
  - title: Debian DSA-3838-1 : ghostscript - security update
References
- https://bugs.ghostscript.com/show_bug.cgi?id=697676
- http://www.ghostscript.com/cgi-bin/findgit.cgi?309eca4e0a31ea70dcc844812691439312dad091
- http://www.securityfocus.com/bid/96995
- http://www.securitytracker.com/id/1039071
- https://security.gentoo.org/glsa/201708-06
- http://www.debian.org/security/2017/dsa-3838
- https://access.redhat.com/errata/RHSA-2017:2180