vulnerability
Oracle Linux: CVE-2018-15910: ELSA-2018-2918: ghostscript security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 21, 2018 | Jul 21, 2020 | Nov 29, 2024 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 21, 2018
Added
Jul 21, 2020
Modified
Nov 29, 2024
Description
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
Solution(s)
oracle-linux-upgrade-ghostscriptoracle-linux-upgrade-ghostscript-cupsoracle-linux-upgrade-ghostscript-develoracle-linux-upgrade-ghostscript-docoracle-linux-upgrade-ghostscript-gtk
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.