CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Artifex Ghostscript is vulnerable to remote code execution (RCE) attacks because the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this with a specially crafted PostScript document to bypass the -dSAFER protection and crash Ghostscript or possibly execute arbitrary code in the Ghostscript context.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | ghostscript | eq | 9.07__28.el7_4.2 |
| | ghostscript | eq | 9.07__20.el7_3.1 |

git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
www.securityfocus.com/bid/105122
access.redhat.com/errata/RHSA-2018:2918
access.redhat.com/security/updates/classification/#important
bugs.ghostscript.com/show_bug.cgi?id=699656
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
lists.debian.org/debian-lts-announce/2018/09/msg00015.html
security.gentoo.org/glsa/201811-12
support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS
usn.ubuntu.com/3768-1/
www.debian.org/security/2018/dsa-4288
www.kb.cert.org/vuls/id/332928