Veracode Vulnerability DatabaseVERACODE:19773Denial Of Service (DoS)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Artifex Ghostscript is vulnerable to denial of service(DoS) attacks. This is because the setpattern operator does not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or possibly execute arbitrary code in the context of the Ghostscript process.
References
git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf
www.securityfocus.com/bid/106278
access.redhat.com/errata/RHSA-2018:3834
access.redhat.com/security/updates/classification/#important
bugs.ghostscript.com/show_bug.cgi?id=700141
bugzilla.redhat.com/show_bug.cgi?id=1657822
lists.debian.org/debian-lts-announce/2018/12/msg00019.html
semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
www.ghostscript.com/doc/9.26/News.htm
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P