PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-6196 Artifex CVE debrief

CVE-2017-6196 is a Ghostscript memory-safety flaw in gx_image_enum_begin() that can trigger multiple use-after-free conditions when processing a crafted PostScript document. The practical impact described by the record is application crash/denial of service, with the possibility of unspecified additional impact. NVD rates the issue HIGH (CVSS 7.8).

Vendor
Artifex
Product
Afpl Ghostscript
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-24
Original CVE updated
2026-05-13
Advisory published
2017-02-24
Advisory updated
2026-05-13

Who should care

Administrators and vendors that ship or embed Ghostscript, especially systems that process untrusted PostScript or related print/PDF conversion inputs. Security teams should also care if Ghostscript is exposed in server-side document pipelines, viewer/conversion services, or packaged desktop tooling.

Technical summary

The NVD record identifies CWE-416 (use-after-free) in base/gxipixel.c, specifically in gx_image_enum_begin(). The vulnerable range is tied to Ghostscript builds before the referenced upstream fix commit ecceafe3abba2714ef9b432035fe0739d9b1a283. The CVE description says the issue can be triggered by a crafted PostScript document. NVD’s CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, which indicates user interaction is required and the exploitability context is constrained differently than the prose description’s “remote attackers” wording; both are present in the official record.

Defensive priority

High for any environment that processes untrusted PostScript or ships Ghostscript. The combination of memory corruption, user interaction, and file-processing exposure makes this worth prioritizing for patching and package updates, especially in internet-facing or shared document workflows.

Recommended defensive actions

  • Update Ghostscript to a version that includes the upstream fix referenced by commit ecceafe3abba2714ef9b432035fe0739d9b1a283.
  • Inventory where Ghostscript is used directly or indirectly, including printers, converters, previewers, and document-processing services.
  • Restrict or sandbox Ghostscript processing of untrusted documents until patched.
  • Treat crafted PostScript as untrusted input and block or quarantine suspicious inbound files.
  • Verify downstream vendor packages and advisories for backported fixes, especially if using distro-provided Ghostscript builds.

Evidence notes

Primary evidence comes from the NVD CVE record and its cited references. The record names multiple use-after-free vulnerabilities in gx_image_enum_begin() in base/gxipixel.c and points to the upstream Ghostscript commit ecceafe3abba2714ef9b432035fe0739d9b1a283, the Ghostscript bug tracker entry 697596 marked as issue tracking/patch, and the Gentoo GLSA advisory. The official NVD metadata also classifies the weakness as CWE-416 and assigns CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Official resources

CVE published 2017-02-24. The supplied official record was modified on 2026-05-13; that modified date reflects database updates, not the original vulnerability disclosure date.