Vulnerability Name:

CVE-2017-9611 (CCN-129560)

Assigned: 2017-06-12
Published: 2017-06-12
Updated: 2020-09-23
Summary: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-125
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2017-9611

Source: CCN
Type: Ghostscript GIT Repository
Bug 698024: bounds check zone pointer in Ins_MIRP()

Source: CONFIRM
Type: Third Party Advisory
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe

Source: DEBIAN
Type: Third Party Advisory
DSA-3986

Source: BID
Type: Third Party Advisory, VDB Entry
99975

Source: CCN
Type: BID-99975
Ghostscript GhostXPS CVE-2017-9611 Heap Buffer Overflow Vulnerability

Source: CONFIRM
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=698024

Source: XF
Type: UNKNOWN
ghostxps-cve20179611-dos(129560)

Source: GENTOO
Type: Third Party Advisory
GLSA-201811-12

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-9611

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:artifex:ghostscript:9.21:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:artifex:ghostscript:9.21:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Vulnerability Name:

CVE-2017-9611 (CCN-129597)

Assigned: 2017-07-25
Published: 2017-07-25
Updated: 2017-07-25
Summary: Artifex Ghostscript GhostXPS is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Ins_MIRP function in base/ttinterp.c. By using a specially crafted document, a remote attacker could exploit this vulnerability to cause the application to crash or possibly have unspecified other impact.
CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2017-9611

Source: CCN
Type: BID-99975
Ghostscript GhostXPS CVE-2017-9611 Heap Buffer Overflow Vulnerability

Source: CCN
Type: Ghostscript Bugzilla – Bug 698024
heap-buffer-overflow in Ins_MIRP(base/ttinterp.c)

Source: XF
Type: UNKNOWN
artifex-ghostscript-cve20179611-dos(129597)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:artifex:ghostscript_ghostxps:9.21:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20179611 | V | CVE-2017-9611 | 2022-05-22
oval:org.opensuse.security:def:34675 | P | Security update for virglrenderer (Important) (in QA) | 2022-01-17
oval:org.opensuse.security:def:33067 | P | Security update for libqt4 (Important) | 2021-12-22
oval:org.opensuse.security:def:29464 | P | Security update for chrony (Moderate) | 2021-12-22
oval:org.opensuse.security:def:29453 | P | Security update for ruby2.1 (Important) | 2021-12-01
oval:org.opensuse.security:def:30155 | P | Security update for ruby2.1 (Important) | 2021-12-01
oval:org.opensuse.security:def:29452 | P | Security update for xen (Moderate) | 2021-11-29
oval:org.opensuse.security:def:33028 | P | Security update for git (Low) | 2021-10-20
oval:org.opensuse.security:def:30257 | P | Security update for MozillaFirefox (Important) | 2021-10-15
oval:org.opensuse.security:def:34539 | P | Security update for postgresql13 (Moderate) | 2021-09-16
oval:org.opensuse.security:def:31249 | P | Security update for python-PyYAML (Important) | 2021-08-24
oval:org.opensuse.security:def:32979 | P | Security update for libmspack (Moderate) | 2021-08-17
oval:org.opensuse.security:def:33692 | P | Security update for dbus-1 (Important) | 2021-08-02
oval:org.opensuse.security:def:30106 | P | Security update for linuxptp (Important) | 2021-07-21
oval:org.opensuse.security:def:31205 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important) | 2021-06-18
oval:org.opensuse.security:def:33934 | P | Security update for xterm (Important) | 2021-06-18
oval:org.opensuse.security:def:30213 | P | Security update for webkit2gtk3 (Important) | 2021-06-17
oval:org.opensuse.security:def:35254 | P | Security update for caribou (Important) | 2021-06-10
oval:org.opensuse.security:def:34455 | P | Security update for the Linux Kernel (Important) | 2021-06-08
oval:org.opensuse.security:def:31184 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-06-04
oval:org.opensuse.security:def:34443 | P | Security update for postgresql12 (Moderate) | 2021-05-27
oval:org.opensuse.security:def:34444 | P | Security update for postgresql13 (Moderate) | 2021-05-27
oval:org.opensuse.security:def:32922 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:30194 | P | Security update for the Linux Kernel (Important) | 2021-05-17
oval:org.opensuse.security:def:31145 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-04-07
oval:org.opensuse.security:def:33788 | P | Security update for openssl-1_1 (Important) | 2021-03-25
oval:org.opensuse.security:def:30051 | P | Security update for openssl (Moderate) | 2021-03-24
oval:org.opensuse.security:def:33090 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:33772 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:28936 | P | Security update for jasper (Important) | 2021-02-16
oval:org.opensuse.security:def:31096 | P | Security update for python (Important) | 2020-12-11
oval:org.opensuse.security:def:35936 | P | lcms-1.17-77.14.19 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35977 | P | libtspi1-0.3.10-0.9.50 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:27654 | P | Security update for Perl | 2020-12-01
oval:org.opensuse.security:def:27985 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:28322 | P | Security update for perl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29058 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:28295 | P | Security update for ncurses (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28589 | P | Security update for mozilla-nspr, mozilla-nss | 2020-12-01
oval:org.opensuse.security:def:29085 | P | Security update for emacs (Important) | 2020-12-01
oval:org.opensuse.security:def:29668 | P | Security update for dhcp | 2020-12-01
oval:org.opensuse.security:def:30519 | P | Security update for GnuTLS | 2020-12-01
oval:org.opensuse.security:def:30885 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:31925 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:32316 | P | Security update for rsync (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32679 | P | gstreamer-0_10-plugins-good on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33463 | P | Security update for okular. | 2020-12-01
oval:org.opensuse.security:def:34149 | P | Security update for openssh | 2020-12-01
oval:org.opensuse.security:def:34306 | P | Security update for quagga (Important) | 2020-12-01
oval:org.opensuse.security:def:35080 | P | Security update for java-1_7_0-ibm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26645 | P | unrar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26849 | P | zoo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27222 | P | libtiff3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27377 | P | boost-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27718 | P | Security update for curl | 2020-12-01
oval:org.opensuse.security:def:28069 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:28361 | P | Security update for postgresql94 (Important) | 2020-12-01
oval:org.opensuse.security:def:29093 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:28306 | P | Recommended update for openldap2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28646 | P | Security update for compat-openssl097g (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28985 | P | Security update for wireshark (Low) | 2020-12-01
oval:org.opensuse.security:def:29723 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:29755 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:30433 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:30651 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:31040 | P | Security update for kdelibs4 | 2020-12-01
oval:org.opensuse.security:def:32393 | P | Security update for tomcat6 (Important) | 2020-12-01
oval:org.opensuse.security:def:32766 | P | pcsc-ccid on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33811 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:33474 | P | Security update for libesmtp | 2020-12-01
oval:org.opensuse.security:def:33845 | P | Security update for gtk2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34198 | P | Security update for pcsc-lite | 2020-12-01
oval:org.opensuse.security:def:34944 | P | Security update for MozillaFirefox, mozilla-nspr (Important) | 2020-12-01
oval:org.opensuse.security:def:34774 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35139 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:35298 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26646 | P | unzip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26930 | P | kernel-default on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27275 | P | pure-ftpd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27421 | P | inkscape on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27642 | P | Security update for LibreOffice | 2020-12-01
oval:org.opensuse.security:def:27846 | P | Security update for openldap2 | 2020-12-01
oval:org.opensuse.security:def:28220 | P | Security update for libsamplerate (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28376 | P | Security update for quagga (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28373 | P | Recommended update for python-setuptools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28730 | P | Security update for krb5 | 2020-12-01
oval:org.opensuse.security:def:29024 | P | Security update for LibVNCServer (Critical) | 2020-12-01
oval:org.opensuse.security:def:29759 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:29812 | P | Security update for jasper | 2020-12-01
oval:org.opensuse.security:def:30895 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:30434 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:30741 | P | Security update for amanda (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32304 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:32528 | P | gvim on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33556 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34237 | P | Security update for pixman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34984 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:34831 | P | Security update for bash (Important) | 2020-12-01
oval:org.opensuse.security:def:35188 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:26657 | P | LibVNCServer on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26987 | P | lvm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27324 | P | xdg-utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28059 | P | Security update for dom4j (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27643 | P | Security update for libssh2 | 2020-12-01
oval:org.opensuse.security:def:27928 | P | Security update for GraphicsMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:28273 | P | Security update for mozilla-nspr (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28420 | P | Security update for tiff (Low) | 2020-12-01
oval:org.opensuse.security:def:28294 | P | Recommended update for ncurses (Important) | 2020-12-01
oval:org.opensuse.security:def:28504 | P | Security update for openssh-openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28882 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:29041 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:29536 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:29898 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30932 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:30445 | P | Security update for ark | 2020-12-01
oval:org.opensuse.security:def:30798 | P | Security update for bluez (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31887 | P | Security update for emacs (Important) | 2020-12-01
oval:org.opensuse.security:def:32305 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:32622 | P | LibVNCServer on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33134 | P | libFLAC++6 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33462 | P | Security update for KDE4 PIM packages | 2020-12-01
oval:org.opensuse.security:def:34091 | P | Security update for mgetty (Important) | 2020-12-01
oval:org.opensuse.security:def:34262 | P | Security update for postgresql94 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34921 | P | Security update for evolution-data-server | 2020-12-01
oval:org.opensuse.security:def:35227 | P | Security update for libmpfr | 2020-12-01
oval:org.opensuse.security:def:26721 | P | java-1_6_0-ibm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27071 | P | NetworkManager-gnome on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27363 | P | PackageKit-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28094 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:com.ubuntu.trusty:def:20179611000 | V | CVE-2017-9611 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-07-26
oval:com.ubuntu.xenial:def:20179611000 | V | CVE-2017-9611 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-07-26
oval:com.ubuntu.xenial:def:201796110000000 | V | CVE-2017-9611 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-07-26
    artifex ghostscript 9.21
    debian debian linux 8.0
    debian debian linux 9.0
    artifex ghostscript 9.21
    artifex ghostscript ghostxps 9.21