Uninitialized Memory Access in Artifex Ghostscript Affects Multiple Platforms
CVE-2018-15911

7.8HIGH

Key Information:

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
28 August 2018

Summary

Artifex Ghostscript versions prior to August 24, 2018, are susceptible to a vulnerability stemming from uninitialized memory access within the aesdecode operator. An attacker can exploit this weakness by supplying specially crafted PostScript input, potentially crashing the interpreter or enabling the execution of arbitrary code. This security flaw highlights the importance of updating to the latest software version to mitigate risks associated with unauthorized access and system crashes.

References

https://security.gentoo.org/glsa/201811-12
vendor-advisoryx_refsource_GENTOO
https://usn.ubuntu.com/3768-1/
vendor-advisoryx_refsource_UBUNTU
https://bugs.ghostscript.com/show_bug.cgi?id=699665
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.