Type Confusion Vulnerability in Artifex Ghostscript Software
CVE-2018-15909

7.8HIGH

Key Information:

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
27 August 2018

Summary

A type confusion vulnerability exists in versions of Artifex Ghostscript 9.23 prior to August 24, 2018. This vulnerability can be exploited by an attacker when they supply specially crafted PostScript files. The flaw arises due to the handling of the .shfill operator, which can lead to a crash of the Ghostscript interpreter or allow for potential remote code execution. Organizations using affected versions should apply necessary patches and updates to mitigate risks.

References

https://access.redhat.com/errata/RHSA-2018:3650
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201811-12
vendor-advisoryx_refsource_GENTOO
https://usn.ubuntu.com/3768-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.