Veracode Vulnerability DatabaseVERACODE:20104Denial Of Service (DoS)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
ghostscript PDF14 compositor is vulnerable to denial of service(DoS) attacks. This is because it does not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
References
git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
access.redhat.com/errata/RHBA-2019:0327
access.redhat.com/errata/RHSA-2019:0229
access.redhat.com/security/updates/classification/#important
bugs.ghostscript.com/show_bug.cgi?id=699661
bugzilla.redhat.com/show_bug.cgi?id=1665919
lists.debian.org/debian-lts-announce/2018/09/msg00015.html
security.gentoo.org/glsa/201811-12
usn.ubuntu.com/3768-1/
www.artifex.com/news/ghostscript-security-resolved/
www.debian.org/security/2018/dsa-4288
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P