CVE-2016-7979

{"id": "CVE-2016-7979", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-05-23T04:29:01.617", "references": [{"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Bh=875a0095f37626a721c7ff57d606a0f95af03913", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2016/dsa-3691", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/10/05/15", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95337", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697190", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201702-31", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-704"}]}], "descriptions": [{"lang": "en", "value": "Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser."}, {"lang": "es", "value": "Ghostscript versiones anteriores a 9.21 podr\u00eda permitir que los atacantes remotos pasaran por alto el mecanismo de protecci\u00f3n del modo SAFER y, en consecuencia, ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de la confusi\u00f3n de tipos en .initialize_dsc_parser."}], "lastModified": "2023-11-07T02:35:21.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E3E6A8E-786F-4796-A27F-88FFCA10CBCC", "versionEndIncluding": "9.20"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}