CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

SUSE CVE•added 2023/02/15 4:24 a.m.•3 views

SUSE CVE-2018-15909

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code...

7.3CVSS7.1AI score0.03019EPSS

Exploits0References10

RedhatCVE•added 2019/10/08 10:56 a.m.•33 views

CVE-2018-15909

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...

9.3CVSS1.6AI score0.92499EPSS

Exploits4References2

RedHat Linux•added 2018/11/27 1:27 a.m.•8 views

ghostscript: shading_param incomplete type checking (699660)

7.8CVSS6.1AI score0.03019EPSS

Exploits0References4

BDU FSTEC•added 2018/09/14 12:0 a.m.•5 views

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript relates to the execution of operations beyond the buffer boundaries in memory. This allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents lies in the escape operation that occurs outside the buffer during data type transformation using the .shfill operator. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10CVSS8AI score0.03019EPSS

Exploits0References4Affected Software1