VDB
CVE-2017-9620
CVE-2017-9620
PUBLISHED
CVSS 7.800000190734863 HIGH
The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.
EPSS 0.67% · 71.6th percentile
Risk Scores
CVSS v3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.67%
71.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| artifex | ghostscript_ghostxps | 9.21 |
Timeline
- Jul 26, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- GLSA-201811-12 vendor-advisory
- 99990 vdb
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3ee55637480d5e319a5de0481b01c3346855cbc9 url
- https://bugs.ghostscript.com/show_bug.cgi?id=698050 url
- https://nvd.nist.gov/vuln/detail/CVE-2017-9620 advisory
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9 url