CVE-2017-9835 in Ghostscript GhostXPS
Summary
by MITRE
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.22 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 12/14/2022
The vulnerability identified as CVE-2017-9835 represents a critical heap-based buffer overflow in Artifex Ghostscript version 9.22 that can be exploited remotely through malicious PostScript documents. This flaw exists within the gs_alloc_ref_array function located in the psi/ialloc.c file, which serves as a core memory allocation component for the Ghostscript rendering engine. The vulnerability stems from insufficient integer overflow validation in the base/gsalloc.c file, creating a condition where malicious input can manipulate memory allocation parameters beyond acceptable bounds. The flaw operates by allowing an attacker to craft a specially formatted PostScript document that, when processed by Ghostscript, triggers the vulnerable allocation routine. When the application attempts to allocate memory based on manipulated parameters, it overflows heap buffers, leading to unpredictable behavior including application crashes and potential system instability. This vulnerability directly relates to CWE-129, which describes improper validation of array index values, and CWE-190, which covers integer overflow and wraparound conditions. The attack surface extends across all systems running Ghostscript 9.22 or earlier versions where PostScript documents are processed, including servers, workstations, and print systems that utilize Ghostscript for document rendering. The impact of this vulnerability can be severe as it allows for remote denial of service attacks that can disrupt legitimate document processing workflows. Additionally, the unspecified other impacts mentioned in the description suggest potential for more serious consequences including privilege escalation or code execution under certain conditions, though the primary risk remains system availability disruption. The vulnerability demonstrates a classic memory safety issue where insufficient input validation allows attackers to manipulate internal data structures and cause memory corruption. From an operational standpoint, this vulnerability affects organizations that rely on Ghostscript for document processing, particularly those that accept untrusted PostScript content from external sources, including web applications, print servers, and document management systems. The attack vector requires only the delivery of a malicious PostScript document to the target system, making it particularly dangerous for environments where document processing occurs automatically. The exploitation of this vulnerability aligns with ATT&CK technique T1059.007, which covers scripting through command-line interpreters, as Ghostscript processes these documents through its interpreter. Organizations should prioritize immediate patching of affected systems, implementing network segmentation to limit exposure, and establishing monitoring for suspicious document processing activities. The vulnerability also highlights the importance of proper input validation and memory safety practices in interpreted environments where user-supplied content is processed, emphasizing the need for comprehensive security testing of core allocation routines in document processing software.