Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697459

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-10317[0]:
| The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex
| Software, Inc. Ghostscript 9.20 allows remote attackers to cause a
| denial of service (heap-based buffer overflow and application crash) or
| possibly have unspecified other impact via a crafted PostScript
| document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10317
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10317
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697459

The reproducer is not yet publicly available, and the severity should
probably be increased due to the heap buffer overflow. But we can
amend once more details are public.

Regards,
Salvatore