VDB-99232 · CVE-2016-10218 · BID 97410

Artifex Ghostscript PDF Transparency Module base/gdevp14.c pdf14_pop_transparency_group null pointer dereference

A vulnerability was found in Artifex Ghostscript. It has been declared as problematic. This vulnerability affects the function pdf14_pop_transparency_group of the file base/gdevp14.c of the component PDF Transparency Module. The manipulation leads to null pointer dereference. Using CWE to declare the problem leads to CWE-476. The bug was discovered 12/19/2016. The weakness was disclosed 04/03/2017 as FEDORA-2017-c85c0e5637 as GIT Commit (GIT Repository). The advisory is shared for download at git.ghostscript.com. This vulnerability was named CVE-2016-10218. Local access is required to approach this attack. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 105 days. As 0-day the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 100013 (Fedora 25 : ghostscript (2017-c85c0e5637)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 277699 (Fedora Security Update for ghostscript (FEDORA-2017-a606d224a5)). The name of the patch is d621292fb2c8157d9899dcd83fd04dd250e30fe4. The bugfix is ready for download at git.ghostscript.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published 2 months after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 97410) and Tenable (100013).

Field08/25/2020 10:54 AM11/24/2022 05:05 PM11/24/2022 05:12 PM
typeDocument Processing SoftwareDocument Processing SoftwareDocument Processing Software
vendorArtifexArtifexArtifex
nameGhostscriptGhostscriptGhostscript
componentPDF Transparency ModulePDF Transparency ModulePDF Transparency Module
filebase/gdevp14.cbase/gdevp14.cbase/gdevp14.c
functionpdf14_pop_transparency_grouppdf14_pop_transparency_grouppdf14_pop_transparency_group
cwe476 (null pointer dereference)476 (null pointer dereference)476 (null pointer dereference)
risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore3.73.73.7
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciNNN
cvss2_nvd_iiNNN
cvss2_nvd_aiPPP
cvss3_meta_basescore4.44.44.4
cvss3_meta_tempscore4.24.34.3
cvss3_vuldb_basescore3.33.33.3
cvss3_vuldb_tempscore3.23.23.2
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cNNN
cvss3_nvd_iNNN
cvss3_nvd_aHHH
date1491177600 (04/03/2017)1491177600 (04/03/2017)1491177600 (04/03/2017)
locationGIT RepositoryGIT RepositoryGIT Repository
typeGIT CommitGIT CommitGIT Commit
urlhttp://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
price_0day$0-$5k$0-$5k$0-$5k
namePatchPatchPatch
patch_urlhttp://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
cveCVE-2016-10218CVE-2016-10218CVE-2016-10218
cve_assigned1486598400 (02/09/2017)1486598400 (02/09/2017)1486598400 (02/09/2017)
cve_nvd_published149117760014911776001491177600
cve_nvd_summaryThe pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
securityfocus974109741097410
securityfocus_titleGhostscript 'base/gxht_thresh.c' Heap Buffer Overflow VulnerabilityGhostscript 'base/gxht_thresh.c' Heap Buffer Overflow VulnerabilityGhostscript 'base/gxht_thresh.c' Heap Buffer Overflow Vulnerability
nessus_id100013100013100013
nessus_nameFedora 25 : ghostscript (2017-c85c0e5637)Fedora 25 : ghostscript (2017-c85c0e5637)Fedora 25 : ghostscript (2017-c85c0e5637)
nessus_filenamefedora_2017-c85c0e5637.naslfedora_2017-c85c0e5637.naslfedora_2017-c85c0e5637.nasl
nessus_riskMediumMediumMedium
nessus_familyFedora Local Security ChecksFedora Local Security ChecksFedora Local Security Checks
nessus_typelocallocallocal
nessus_date1494201600 (05/08/2017)1494201600 (05/08/2017)1494201600 (05/08/2017)
openvas_id867773867773867773
openvas_filenamegb_fedora_2017_c85c0e5637_ghostscript_fc25.naslgb_fedora_2017_c85c0e5637_ghostscript_fc25.naslgb_fedora_2017_c85c0e5637_ghostscript_fc25.nasl
openvas_titleFedora Update for ghostscript FEDORA-2017-c85c0e5637Fedora Update for ghostscript FEDORA-2017-c85c0e5637Fedora Update for ghostscript FEDORA-2017-c85c0e5637
openvas_familyFedora Local Security ChecksFedora Local Security ChecksFedora Local Security Checks
qualys_id277699277699277699
qualys_titleFedora Security Update for ghostscript (FEDORA-2017-a606d224a5)Fedora Security Update for ghostscript (FEDORA-2017-a606d224a5)Fedora Security Update for ghostscript (FEDORA-2017-a606d224a5)
seealso99231 99233 99234 99248 99265 99908 100268 10026999231 99233 99234 99248 99265 99908 100268 10026999231 99233 99234 99248 99265 99908 100268 100269
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
reaction_days333333
0day_days105105105
exposure_days333333
cvss3_nvd_basescore5.55.55.5
discoverydate148210560014821056001482105600
confirm_urlhttp://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
date1494028800 (05/06/2017)1494028800 (05/06/2017)1494028800 (05/06/2017)
osvdb_titleCVE-2016-10218 - Ghostscript - Denial of Service IssueCVE-2016-10218 - Ghostscript - Denial of Service IssueCVE-2016-10218 - Ghostscript - Denial of Service Issue
securityfocus_date1491177600 (04/03/2017)1491177600 (04/03/2017)1491177600 (04/03/2017)
securityfocus_classFailure to Handle Exceptional ConditionsFailure to Handle Exceptional ConditionsFailure to Handle Exceptional Conditions
patch_named621292fb2c8157d9899dcd83fd04dd250e30fe4d621292fb2c8157d9899dcd83fd04dd250e30fe4
cvss2_nvd_basescore4.34.3
identifierFEDORA-2017-c85c0e5637

Want to stay up to date on a daily basis?

Enable the mail alert feature now!