CVE-2017-5951

Summary

CVE	CVE-2017-5951
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-04-03 05:59:00 UTC
Updated	2017-11-04 01:29:00 UTC
Description	The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Artifex	Ghostscript	9.20	All	All	All
Application	Artifex	Ghostscript	9.20	All	All	All

References

Reference	Source	Link	Tags
GPL Ghostscript: Multiple vulnerabilities (GLSA 201708-06) — Gentoo security	GENTOO	security.gentoo.org
Ghostscript CVE-2017-5951 Denial of Service Vulnerability	BID	www.securityfocus.com
Bug 697548 – Null pointer dereference in ref_stack_index()	MISC	bugs.ghostscript.com	Exploit, Issue Tracking, Patch
Debian -- Security Information -- DSA-3838-1 ghostscript	DEBIAN	www.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

500204 Alpine Linux Security Update for ghostscript
503946 Alpine Linux Security Update for ghostscript
671112 EulerOS Security Update for ghostscript (EulerOS-SA-2019-2370)
710373 Gentoo Linux GPL Ghostscript Multiple Vulnerabilities (GLSA 201708-06)