This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote EulerOS host is missing multiple security updates.
According to the versions of the ghostscript packages installed, the
EulerOS installation on the remote host is affected by the following
- It was found that the ghostscript functions getenv,
filenameforall and .libfile did not honor the -dSAFER
option, usually used when processing untrusted
documents, leading to information disclosure. A
specially crafted postscript document could read
environment variables, list directories and retrieve file
content respectively, from the target. (CVE-2013-5653,
- It was found that the ghostscript function .setdevice
suffered a use-after-free vulnerability due to an
incorrect reference count. A specially crafted
postscript document could trigger code execution in the
context of the gs process. (CVE-2016-7978)
- It was found that the ghostscript function
.initialize_dsc_parser did not validate its parameter
before using it, allowing a type confusion flaw. A
specially crafted postscript document could cause a
crash or code execution in the context of the gs process.
- It was found that ghostscript did not sufficiently
check the validity of parameters given to the
.sethalftone5 function. A specially crafted postscript
document could cause a crash, or execute arbitrary code
in the context of the gs process. (CVE-2016-8602)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected ghostscript packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false