Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43592
HistoryOct 08, 2023 - 3:59 p.m.

Denial Of Service (DoS)

2023-10-0815:59:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
ghostscript
vulnerability
plfont.c
pcl file
pdf conversion
integer overflow
denial of service
dos

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.5%

ghostscript is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the integer overflow in the pl_glyph_name of plfont.c, which allows an attacker to cause an application by transforming a maliciously crafted PCL file to PDF format

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.5%