CVE-2018-15909

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | --- |
| CVE | ADP | --- | --- |

EPSS Score Percentile: 77%

| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| artifex | ghostscript | 𝑥 ≤ 9.23 |
| artifex | gpl_ghostscript | 𝑥 < 9.26 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| pulsesecure | pulse_connect_secure | 8.2r1.0 ≤ 𝑥 < 8.2r12.1 |
| pulsesecure | pulse_connect_secure | 8.3r1 ≤ 𝑥 < 8.3r7.1 |
| pulsesecure | pulse_connect_secure | 9.0r1 ≤ 𝑥 < 9.0r3.4 |

𝑥 = Vulnerable software versions

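Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bullseye | 9.53.3~dfsg-7+deb11u7 | fixed |
| ghostscript | bullseye (security) | 9.53.3~dfsg-7+deb11u8 | fixed |
| ghostscript | bookworm | 10.0.0~dfsg-11+deb12u4 | fixed |
| ghostscript | bookworm (security) | 10.0.0~dfsg-11+deb12u5 | fixed |
| ghostscript | sid | 10.04.0~dfsg-1 | fixed |
| ghostscript | trixie | 10.04.0~dfsg-1 | fixed |
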
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bionic | Fixed 9.22~dfsg+1-0ubuntu1.2 | released |
| ghostscript | xenial | Fixed 9.18~dfsg~0-0ubuntu2.9 | released |
| ghostscript | trusty | Fixed 9.10~dfsg-0ubuntu10.13 | released |