vulnerability
Oracle Linux: CVE-2018-15911: ELSA-2018-3834: ghostscript security and bug fix update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 09/06/2018 | 12/18/2018 | 11/27/2024 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
09/06/2018
Added
12/18/2018
Modified
11/27/2024
Description
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
Solution(s)
oracle-linux-upgrade-ghostscriptoracle-linux-upgrade-ghostscript-cupsoracle-linux-upgrade-ghostscript-develoracle-linux-upgrade-ghostscript-docoracle-linux-upgrade-ghostscript-gtk
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.