CVE-2018-19478

5.5MEDIUM

Key Information

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 2 January 2019

Summary

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.

Refferences

http://www.securityfocus.com/bid/106445

vdb-entryx_refsource_BID

https://www.ghostscript.com/doc/9.26/History9.htm

x_refsource_CONFIRM

https://bugs.ghostscript.com/show_bug.cgi?id=699856

x_refsource_CONFIRM

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff...

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1655607

x_refsource_CONFIRM

https://lists.debian.org/debian-lts-announce/2018/12/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2019
Vulnerability Reserved
Nov 22, 2018

Collectors

NVD DatabaseMitre Database

.