9.8

CVE-2018-19409

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version < 9.26
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.83% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://security.gentoo.org/glsa/201811-12
Third Party Advisory
Mitigation
https://access.redhat.com/errata/RHSA-2018:3834
Third Party Advisory
http://www.securityfocus.com/bid/105990
Third Party Advisory
VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=700176
Vendor Advisory
Issue Tracking
Permissions Required
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f
https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
Third Party Advisory
https://usn.ubuntu.com/3831-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4346
Third Party Advisory
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
Vendor Advisory
Release Notes