7.8
CVE-2018-15909
- EPSS 3.02%
- Veröffentlicht 27.08.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:41
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Artifex ≫ Ghostscript Version <= 9.23
Artifex ≫ Gpl Ghostscript Version < 9.26
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Eus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Workstation Version7.0
Pulsesecure ≫ Pulse Connect Secure Version >= 8.2r1.0 < 8.2r12.1
Pulsesecure ≫ Pulse Connect Secure Version >= 8.3r1 < 8.3r7.1
Pulsesecure ≫ Pulse Connect Secure Version >= 9.0r1 < 9.0r3.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.02% | 0.857 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-704 Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
https://security.gentoo.org/glsa/201811-12
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
https://usn.ubuntu.com/3768-1/
https://access.redhat.com/errata/RHSA-2018:3650
https://www.kb.cert.org/vuls/id/332928
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0b6cd1918e1ec4ffd087400a754a845180a4522b
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e01e77a36cbb2e0277bc3a63852244bec41be0f6
http://www.securityfocus.com/bid/105178
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://support.f5.com/csp/article/K24803507?utm_source=f5support&%3Butm_medium=RSS