1
Candidate: CVE-2017-6196
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6196
6
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function
7
in base/gxipixel.c in Ghostscript before
8
ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a
9
denial of service (application crash) or possibly have unspecified other
10
impact via a crafted PostScript document.
13
sbeattie> PoC in bug report
14
mdeslaur> introduced by http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
16
https://bugs.ghostscript.com/show_bug.cgi?id=697596
17
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856142
23
upstream: http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
24
upstream_ghostscript: needs-triage
25
precise_ghostscript: not-affected (9.05~dfsg-0ubuntu4.4)
26
trusty_ghostscript: not-affected (9.10~dfsg-0ubuntu10.6)
27
vivid/stable-phone-overlay_ghostscript: DNE
28
vivid/ubuntu-core_ghostscript: DNE
29
xenial_ghostscript: not-affected (9.18~dfsg~0-0ubuntu2.3)
30
yakkety_ghostscript: not-affected (9.19~dfsg+1-0ubuntu6.3)
31
devel_ghostscript: not-affected (9.19~dfsg+1-0ubuntu7.1)