CVE-2018-15909

HIGH

Artifex Ghostscript <2018-08-24 - Code Injection

Title source: llm

Description

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

Scores

CVSS v3 7.8
EPSS 0.0227
EPSS Percentile 84.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-704
Status published
Products (13)
artifex/ghostscript < 9.23
artifex/gpl_ghostscript < 9.26
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
pulsesecure/pulse_connect_secure 8.2r1.0 - 8.2r12.1
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.6
... and 3 more
Published Aug 27, 2018
Tracked Since Feb 18, 2026