7.8

CVE-2018-19477

Exploit
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version < 9.26
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.04% 0.858
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0229
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3831-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4346
Third Party Advisory
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
Vendor Advisory
Release Notes
http://www.securityfocus.com/bid/106154
Third Party Advisory
VDB Entry
https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
Third Party Advisory
Exploit
Mitigation
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=606a22e77e7f081781e99e44644cd0119f559e03
https://bugs.ghostscript.com/show_bug.cgi?id=700168
Patch
Vendor Advisory
Issue Tracking