Type Confusion Vulnerability in Ghostscript's .initialize_dsc_parser Allows Arbitrary Code Execution

Type Confusion Vulnerability in Ghostscript's .initialize_dsc_parser Allows Arbitrary Code Execution

CVE-2016-7979 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

Learn more about our Web Application Penetration Testing UK.