The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697810
(In reply to Volkan from comment #0) > The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows > remote attackers to cause a denial of service (out-of-bounds read) via a > crafted PostScript document. Nope. Wrong. Does not affect 9.21, but just a range of git master commits.
The CVE is wrong. ghostscript-gpl-9.21 was released March 16th 2017 See http://git.ghostscript.com/?p=ghostpdl.git;a=shortlog;h=refs/tags/ghostscript-9.21 https://bugs.ghostscript.com/show_bug.cgi?id=697810 was reported April 29th 2017 against a bunch of random master commits (as Andreas mentioned). So this definitely was not in 9.21. Furthermore, the commits were fixed and reported testing good against the PoC given on upstream bug tracker. Given this, the vulnerable code never made it to a release or Gentoo (no -9999 in Gentoo either). CVE assigned for historical purposes.
