CVE-2017-15652 - Vulnerability Details - OpenCVE

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Artifex	Ghostscript

Configuration 1 [-]

cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e
http://www.securityfocus.com/bid/108463
https://bugs.ghostscript.com/show_bug.cgi?id=698676

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-23T14:55:01

Updated: 2024-08-05T19:57:27.646Z

Reserved: 2017-10-19T00:00:00

Link: CVE-2017-15652

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-23T15:29:00.430

Modified: 2024-11-21T03:14:57.770

Link: CVE-2017-15652

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-27T08:06:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698676"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e"}, {"name": "108463", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108463"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698676", "refsource": "MISC", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698676"}, {"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e", "refsource": "CONFIRM", "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e"}, {"name": "108463", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108463"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:57:27.646Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698676"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e"}, {"name": "108463", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108463"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15652", "datePublished": "2019-05-23T14:55:01", "dateReserved": "2017-10-19T00:00:00", "dateUpdated": "2024-08-05T19:57:27.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*", "matchCriteriaId": "E7ED7728-3EC2-4423-AC71-BAEE7822397E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well."}, {"lang": "es", "value": "Ghostscript versi\u00f3n 9.22 de Artifex, se ve afectado por: Obtenci\u00f3n de Informaci\u00f3n. El impacto es: conseguir informaci\u00f3n confidencial. El componente es: archivo de c\u00f3digo fuente afectado, funci\u00f3n afectada, ejecutable afectado, libga afectado (imagemagick used that). El vector de ataque es: Alguien debe abrir un archivo postscript por medio de ghostscript. Debido a que imagemagick tambi\u00e9n usa libga, de la misma manera fue afectado."}], "id": "CVE-2017-15652", "lastModified": "2024-11-21T03:14:57.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-23T15:29:00.430", "references": [{"source": "cve@mitre.org", "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/108463"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698676"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698676"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}