7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Ghostscript is vulnerable to denial of service (DoS) attacks. This is because the ghostscript .shfill operator did not properly validate certain types. An attacker could supply crafted PostScript files to crash the interpreter or potentially execute arbitrary code in ghostscript context.
CPE | Name | Operator | Version |
---|---|---|---|
ghostscript | eq | 9.07__20.el7_3.1 | |
ghostscript | eq | 9.07__29.el7_5.2 | |
ghostscript | eq | 9.07__28.el7_4.2 |
git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
www.securityfocus.com/bid/105178
access.redhat.com/errata/RHSA-2018:3650
access.redhat.com/security/updates/classification/#important
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
lists.debian.org/debian-lts-announce/2018/09/msg00015.html
security.gentoo.org/glsa/201811-12
support.f5.com/csp/article/K24803507?utm_source=f5support&utm_medium=RSS
usn.ubuntu.com/3768-1/
www.kb.cert.org/vuls/id/332928
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P