Back to bug 1382305
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Cedric Buissart | 2016-10-06 09:52:21 UTC | Blocks | 1380329 | |
| Cedric Buissart | 2016-10-06 10:10:50 UTC | Summary | CVE-2016-7979 Type confusion in .initialize_dsc_parser allows remote code execution | CVE-2016-7979 ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution |
| Adam Mariš | 2016-10-07 07:25:56 UTC | Whiteboard | impact=important,public=20161004,reported=20161004,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new | impact=important,public=20161004,reported=20161004,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new |
| Cedric Buissart | 2016-10-07 08:49:54 UTC | Whiteboard | impact=important,public=20161004,reported=20161004,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new | impact=important,public=20161004,reported=20161004,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-07 08:50:02 UTC | CC | abhgupta, dmcphers, jialiu, jokerman, kseifried, lmeyer, mmccomas, tiwillia | |
| Slawomir Czarko | 2016-10-10 09:24:09 UTC | CC | slawomir | |
| Cedric Buissart | 2016-10-12 09:49:59 UTC | Whiteboard | impact=important,public=20161004,reported=20161004,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new | impact=important,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-12 09:50:08 UTC | Whiteboard | impact=important,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-12 09:50:17 UTC | Severity | high | medium |
| Cedric Buissart | 2016-10-12 09:50:26 UTC | Priority | high | medium |
| Cedric Buissart | 2016-10-18 14:20:37 UTC | Doc Text | It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. An attacker could send a specially crafted postscript file for processing, possibly triggering code execution in the context of the gs process. | |
| Cedric Buissart | 2016-10-25 08:10:49 UTC | Whiteboard | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=new,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-25 09:12:59 UTC | Whiteboard | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-25 09:20:36 UTC | Whiteboard | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=new |
| Cedric Buissart | 2016-10-26 15:55:04 UTC | Whiteboard | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=new | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix |
| Cedric Buissart | 2016-10-31 16:06:48 UTC | Depends On | 1390299 | |
| Cedric Buissart | 2016-10-31 16:06:54 UTC | Depends On | 1390300 | |
| Cedric Buissart | 2016-10-31 16:08:40 UTC | Depends On | 1390301 | |
| Cedric Buissart | 2016-10-31 16:08:47 UTC | Depends On | 1390302 | |
| Cedric Buissart | 2016-11-01 08:42:52 UTC | Depends On | 1390489 | |
| David Kaspar // Dee'Kej | 2016-11-01 14:06:48 UTC | Fixed In Version | ghostscript-9.20-2 | |
| David Kaspar // Dee'Kej | 2016-11-01 14:07:10 UTC | Fixed In Version | ghostscript-9.20-2 | |
| David Kaspar // Dee'Kej | 2016-11-04 15:45:52 UTC | Status | NEW | ASSIGNED |
| Tomas Hoger | 2016-11-04 15:54:33 UTC | Status | ASSIGNED | NEW |
| Cedric Buissart | 2016-11-24 14:24:01 UTC | Whiteboard | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix |
| Cedric Buissart | 2016-11-28 16:54:46 UTC | Doc Text | It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. An attacker could send a specially crafted postscript file for processing, possibly triggering code execution in the context of the gs process. | It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. |
| Cedric Buissart | 2017-01-04 11:10:58 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2017-01-04 06:10:58 UTC | |
| Product Security DevOps Team | 2019-09-29 13:57:57 UTC | Whiteboard | impact=moderate,public=20161004,reported=20161004,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,fedora-all/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix | |