cpe:/a:artifex:ghostscript:9.20 CVE-2016-8602 2017-04-14T14:59:00.877-04:00 2018-01-04T21:31:18.400-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-04-21T09:56:15.503-04:00 BID 95311 DEBIAN DSA-3691 GENTOO GLSA-201702-31 REDHAT RHSA-2017:0013 REDHAT RHSA-2017:0014 MLIST [oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems CONFIRM http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303 CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697203 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1383940 CONFIRM https://ghostscript.com/doc/9.21/History9.htm The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.