Ghostscript GhostXPS CVE-2017-9727 Denial of Service Vulnerability

Ghostscript GhostXPS is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed.

Ghostscript GhostXPS 9.22 is vulnerable; other versions may also be affected.


Bugtraq ID: 99999
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-9727

Remote: Yes
Local: No
Published: Jun 14 2017 12:00AM
Updated: Jun 14 2017 12:00AM
Credit: Kim Gwan Yeong
Vulnerable: Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Enterprise Linux 5
Artifex Ghostscript 9.22

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts