vulnerability
FreeBSD: VID-30c0f878-b03e-11e8-be8a-0011d823eebd (CVE-2018-15909): Ghostscript -- arbitrary code execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Sep 4, 2018 | Sep 5, 2018 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Sep 4, 2018
Added
Sep 5, 2018
Modified
Dec 10, 2025
Description
CERT reports: Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerability can also be exploited in applications that leverage Ghostscript, such as ImageMagick, GraphicsMagick, evince, Okular, Nautilus, and others. Exploit code for this vulnerability is publicly available.
Solutions
freebsd-upgrade-package-ghostscript9-agpl-basefreebsd-upgrade-package-ghostscript9-agpl-x11
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.