vulnerability
FreeBSD: VID-30c0f878-b03e-11e8-be8a-0011d823eebd (CVE-2018-15911): Ghostscript -- arbitrary code execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Sep 4, 2018 | Sep 5, 2018 | Mar 25, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Sep 4, 2018
Added
Sep 5, 2018
Modified
Mar 25, 2026
Description
CERT reports: Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerability can also be exploited in applications that leverage Ghostscript, such as ImageMagick, GraphicsMagick, evince, Okular, Nautilus, and others. Exploit code for this vulnerability is publicly available.
Solutions
freebsd-upgrade-package-ghostscript9-agpl-basefreebsd-upgrade-package-ghostscript9-agpl-x11
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.