Type Confusion Vulnerability in Artifex Ghostscript Software
CVE-2018-16511

7.8HIGH

Key Information:

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
5 September 2018

Summary

A type confusion vulnerability was discovered in Artifex Ghostscript prior to version 9.24. This issue allows remote attackers to exploit the interpreter by supplying specially crafted PostScript code. The exploitation of this vulnerability can lead to crashing the interpreter or may result in other undefined impacts, potentially compromising the integrity and availability of system resources.

References

https://access.redhat.com/errata/RHSA-2018:3650
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201811-12
vendor-advisoryx_refsource_GENTOO
https://usn.ubuntu.com/3768-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.