7.8
CVE-2018-19475
- EPSS 9.55%
- Veröffentlicht 23.11.2018 05:29:03
- Zuletzt bearbeitet 21.11.2024 03:57:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Artifex ≫ Ghostscript Version < 9.26
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.10
Redhat ≫ Openshift Container Platform Version3.11
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Version7.6
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Eus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Workstation Version7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.55% | 0.948 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2019:0229
https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
https://usn.ubuntu.com/3831-1/
https://www.debian.org/security/2018/dsa-4346
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761e03bc70a9f249a987e
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=aeea342904978c9fe17d85f4906a0f6fcce2d315
http://www.securityfocus.com/bid/106154
https://bugs.ghostscript.com/show_bug.cgi?id=700153
https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf