Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-15910

Опубликовано: 21 авг. 2018
Источник: redhat
CVSS3: 7.3
EPSS Низкий

Описание

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.

Отчет

This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Меры по смягчению последствий

Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ghostscriptWill not fix
Red Hat Enterprise Linux 6ghostscriptWill not fix
Red Hat Enterprise Linux 8ghostscriptNot affected
Red Hat OpenShift Container Platform 3.10mediawikiNot affected
Red Hat OpenShift Container Platform 3.11mediawikiNot affected
Red Hat OpenShift Container Platform 3.2mediawikiNot affected
Red Hat OpenShift Container Platform 3.3mediawikiNot affected
Red Hat OpenShift Container Platform 3.4mediawikiNot affected
Red Hat OpenShift Container Platform 3.5mediawikiNot affected
Red Hat OpenShift Container Platform 3.6mediawikiNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-704
https://bugzilla.redhat.com/show_bug.cgi?id=1619751ghostscript: LockDistillerParams type confusion (699656)

EPSS

Процентиль: 89%
0.04834
Низкий

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-15910

CVSS3: 7.8
ubuntu
около 7 лет назад

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

nvd логотип

CVE-2018-15910

CVSS3: 7.8
nvd
около 7 лет назад

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

debian логотип

CVE-2018-15910

CVSS3: 7.8
debian
около 7 лет назад

In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...

github логотип

GHSA-wx5g-j2w9-qx59

CVSS3: 7.8
github
больше 3 лет назад

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

fstec логотип

BDU:2018-01087

CVSS3: 10
fstec
больше 7 лет назад

Уязвимость интерпретатора набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 89%
0.04834
Низкий

7.3 High

CVSS3