PT-2018-1531 · Artifex+5 · Artifex Ghostscript+5

Tavis Ormandy

Publicado

2018-02-21

Atualizado

2024-06-15

CVE-2018-15909

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions prior to 9.23

Description The issue is related to a type confusion in the .shfill operator, which can be exploited by attackers who can supply crafted PostScript files. This could potentially lead to the execution of code or a crash of the interpreter. The vulnerability is associated with a buffer overflow due to type confusion in the .shfill operator when processing PostScript files.

Recommendations For Artifex Ghostscript versions prior to 9.23, update to version 9.23 or later to resolve the issue. As a temporary workaround, consider restricting the use of the .shfill operator or avoiding the processing of untrusted PostScript files until the update is applied.

Correção

Buffer Overflow

Type Confusion

Incorrect Type Conversion or Cast

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-843CWE-704

Identificadores relacionados

ALT-PU-2018-2799

BDU:2018-01086

CESA-2018_3650

CVE-2018-15909

DLA-1504-1

DSA-4288-1

MGASA-2018-0378

OPENSUSE-SU-2018_3036-1

OPENSUSE-SU-2018_3038-1

OPENSUSE-SU-2024:10783-1

RHSA-2018:3650

RHSA-2018_3650

SUSE-SU-2018:2975-1

SUSE-SU-2018:2975-2

SUSE-SU-2018:2975-3

SUSE-SU-2018:2976-1

USN-3768-1

Produtos afetados

Alt Linux

Artifex Ghostscript

Centos

Red Hat

Suse

Ubuntu

PT-2018-1531 · Artifex+5 · Artifex Ghostscript+5

CVE-2018-15909

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 119