7.8

CVE-2018-16511

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
ArtifexGhostscript Version < 9.24
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.94% 0.775
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://security.gentoo.org/glsa/201811-12
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3768-1/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3650
Third Party Advisory
https://www.debian.org/security/2018/dsa-4288
Third Party Advisory
https://www.artifex.com/news/ghostscript-security-resolved/
Patch
Vendor Advisory
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0edd3d6c634a577db261615a9dc2719bca7f6e01
http://seclists.org/oss-sec/2018/q3/182
Patch
Third Party Advisory
Mailing List
Issue Tracking
https://bugs.ghostscript.com/show_bug.cgi?id=699659
Third Party Advisory
Permissions Required