Back to bug 1382300
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Cedric Buissart | 2016-10-06 09:44:55 UTC | Blocks | 1380329 | |
| Cedric Buissart | 2016-10-06 10:10:00 UTC | Summary | CVE-2016-7978 reference leak in .setdevice allows use-after-free and remote code execution | CVE-2016-7978 ghostscript: reference leak in .setdevice allows use-after-free and remote code execution |
| Adam Mariš | 2016-10-07 07:25:42 UTC | CC | amaris | |
| | | Whiteboard | impact=important,public=20160930,reported=20160930,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new | impact=important,public=20160930,reported=20160930,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new |
| Adam Mariš | 2016-10-07 07:26:13 UTC | CC | amaris | |
| Cedric Buissart | 2016-10-07 08:49:28 UTC | Whiteboard | impact=important,public=20160930,reported=20160930,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new | impact=important,public=20160930,reported=20160930,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-07 08:49:35 UTC | CC | abhgupta, dmcphers, jialiu, jokerman, kseifried, lmeyer, mmccomas, tiwillia | |
| Cedric Buissart | 2016-10-12 09:50:47 UTC | Whiteboard | impact=important,public=20160930,reported=20160930,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new | impact=important,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-12 09:50:55 UTC | Whiteboard | impact=important,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-12 09:51:04 UTC | Severity | high | medium |
| Cedric Buissart | 2016-10-12 09:51:13 UTC | Priority | high | medium |
| Cedric Buissart | 2016-10-13 09:41:45 UTC | Whiteboard | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=notaffected,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-13 09:42:08 UTC | Whiteboard | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=notaffected,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-18 14:07:57 UTC | Doc Text | | It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. An attacker could use this flaw and send a specially crafted postscript document that would possibly, upon processing, trigger code execution in the context of the gs process. |
| Cedric Buissart | 2016-10-26 15:54:50 UTC | Whiteboard | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix |
| Cedric Buissart | 2016-10-31 15:39:37 UTC | Whiteboard | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=notaffected,rhel-6/ghostscript=notaffected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=notaffected |
| Cedric Buissart | 2016-10-31 16:06:48 UTC | Depends On | 1390299 | |
| Cedric Buissart | 2016-10-31 16:06:54 UTC | Depends On | 1390300 | |
| Cedric Buissart | 2016-11-01 08:42:25 UTC | Depends On | 1390488 | |
| David Kaspar // Dee'Kej | 2016-11-04 15:45:57 UTC | Status | NEW | ASSIGNED |
| Tomas Hoger | 2016-11-04 15:54:37 UTC | Status | ASSIGNED | NEW |
| Cedric Buissart | 2016-11-24 14:23:29 UTC | Whiteboard | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=notaffected,rhel-6/ghostscript=notaffected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=notaffected | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=notaffected,rhel-6/ghostscript=notaffected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=notaffected |
| Cedric Buissart | 2016-11-28 16:56:21 UTC | Doc Text | It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. An attacker could use this flaw and send a specially crafted postscript document that would possibly, upon processing, trigger code execution in the context of the gs process. | It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. |
| Cedric Buissart | 2017-01-04 11:10:39 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2017-01-04 06:10:39 UTC | |
| Product Security DevOps Team | 2019-09-29 13:57:57 UTC | Whiteboard | impact=moderate,public=20160930,reported=20160930,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-416,rhel-5/ghostscript=notaffected,rhel-6/ghostscript=notaffected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=notaffected | |