CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.009 Low
Percentile: 82.4%

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es):
ghostscript: Incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541)
ghostscript: Incorrect “restoration of privilege” checking when running out of stack during exception handling (CVE-2018-16802)
ghostscript: User-writable error exception table (CVE-2018-17183)
ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) (CVE-2018-17961)
ghostscript: Saved execution stacks can leak operator arrays (CVE-2018-18073)
ghostscript: 1Policy operator allows a sandbox protection bypass (CVE-2018-18284)
ghostscript: Type confusion in setpattern (700141) (CVE-2018-19134)
ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c (CVE-2018-19409)
ghostscript: Uninitialized memory access in the aesdecode operator (699665) (CVE-2018-15911)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2018-16541.
Bug Fix(es):
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | ppc | ghostscript-devel | < 9.07-31.el7_6.6 | ghostscript-devel-9.07-31.el7_6.6.ppc.rpm |
RedHat | 7 | aarch64 | ghostscript-cups | < 9.07-31.el7_6.6 | ghostscript-cups-9.07-31.el7_6.6.aarch64.rpm |
RedHat | 7 | aarch64 | ghostscript-gtk | < 9.07-31.el7_6.6 | ghostscript-gtk-9.07-31.el7_6.6.aarch64.rpm |
RedHat | 7 | ppc64 | ghostscript-devel | < 9.07-31.el7_6.6 | ghostscript-devel-9.07-31.el7_6.6.ppc64.rpm |
RedHat | 7 | s390x | ghostscript-gtk | < 9.07-31.el7_6.6 | ghostscript-gtk-9.07-31.el7_6.6.s390x.rpm |
RedHat | 7 | s390x | ghostscript-devel | < 9.07-31.el7_6.6 | ghostscript-devel-9.07-31.el7_6.6.s390x.rpm |
RedHat | 7 | ppc64 | ghostscript-gtk | < 9.07-31.el7_6.6 | ghostscript-gtk-9.07-31.el7_6.6.ppc64.rpm |
RedHat | 7 | x86_64 | ghostscript-cups | < 9.07-31.el7_6.6 | ghostscript-cups-9.07-31.el7_6.6.x86_64.rpm |
RedHat | 7 | ppc64le | ghostscript-debuginfo | < 9.07-31.el7_6.6 | ghostscript-debuginfo-9.07-31.el7_6.6.ppc64le.rpm |
RedHat | 7 | i686 | ghostscript | < 9.07-31.el7_6.6 | ghostscript-9.07-31.el7_6.6.i686.rpm |