vulnerability
Oracle Linux: CVE-2016-7977: ELSA-2017-0013: ghostscript security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Sep 28, 2016 | Jan 5, 2017 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Sep 28, 2016
Added
Jan 5, 2017
Modified
Dec 3, 2025
Description
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine.
It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine.
Solutions
oracle-linux-upgrade-ghostscriptoracle-linux-upgrade-ghostscript-cupsoracle-linux-upgrade-ghostscript-develoracle-linux-upgrade-ghostscript-docoracle-linux-upgrade-ghostscript-gtk
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.