Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-16541

Опубликовано: 06 сент. 2018
Источник: redhat
CVSS3: 7.3
EPSS Низкий

Описание

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

It was discovered that the ghostscript device cleanup did not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.

Отчет

This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ghostscriptWill not fix
Red Hat Enterprise Linux 6ghostscriptWill not fix
Red Hat Enterprise Linux 8ghostscriptNot affected
Red Hat Enterprise Linux 7ghostscriptFixedRHSA-2018:383417.12.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1625846ghostscript: Incorrect free logic in pagedevice replacement (699664)

EPSS

Процентиль: 63%
0.00454
Низкий

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-16541

CVSS3: 5.5
ubuntu
около 7 лет назад

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

nvd логотип

CVE-2018-16541

CVSS3: 5.5
nvd
около 7 лет назад

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

debian логотип

CVE-2018-16541

CVSS3: 5.5
debian
около 7 лет назад

In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...

github логотип

GHSA-m76g-5q68-xv2c

CVSS3: 5.5
github
больше 3 лет назад

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

suse-cvrf логотип

SUSE-SU-2018:3330-1

suse-cvrf
около 7 лет назад

Security update for ghostscript-library

EPSS

Процентиль: 63%
0.00454
Низкий

7.3 High

CVSS3