Veracode Vulnerability DatabaseVERACODE:19886Denial Of Service
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
Artifex Ghostscript is vulnerable to denial of service(DoS) attacks. This is because the ghostscript does not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ghostscript | eq | 9.07__20.el7_3.1 | |
| ghostscript | eq | 9.07__28.el7_4.2 | |
| ghostscript | eq | 9.07__20.el7_3.1 | |
| ghostscript | eq | 9.07__28.el7_4.2 |
References
git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
seclists.org/oss-sec/2018/q3/182
www.securityfocus.com/bid/105337
access.redhat.com/errata/RHSA-2018:2918
access.redhat.com/security/updates/classification/#important
bugs.ghostscript.com/show_bug.cgi?id=699668
lists.debian.org/debian-lts-announce/2018/09/msg00015.html
security.gentoo.org/glsa/201811-12
usn.ubuntu.com/3768-1/
www.debian.org/security/2018/dsa-4288
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P