CVE-2018-19409

Published: Nov 21, 2018 Last Modified: Nov 21, 2024
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,1020
Percentile
0,9th
Updated

EPSS Score Trend (Last 90 Days)

Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Desktop by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Desktop
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Workstation by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Workstation
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Ghostscript by Artifex

Product Information
Vendor Artifex
Product Ghostscript
Version Range Affected
To 9.26 (exclusive)
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Eus
Version 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://access.redhat.com/errata/RHSA-2018:3834
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3834
https://bugs.ghostscript.com/show_bug.cgi?id=700176
Issue Tracking Permissions Required Vendor Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=700176
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=…
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d679…
https://lists.debian.org/debian-lts-announce/2018/11/msg000…
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
https://security.gentoo.org/glsa/201811-12
Mitigation Third Party Advisory
https://security.gentoo.org/glsa/201811-12
https://usn.ubuntu.com/3831-1/
Third Party Advisory
https://usn.ubuntu.com/3831-1/
https://www.debian.org/security/2018/dsa-4346
Third Party Advisory
https://www.debian.org/security/2018/dsa-4346
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.…
Release Notes Vendor Advisory
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
http://www.securityfocus.com/bid/105990
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/105990
https://access.redhat.com/errata/RHSA-2018:3834
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3834
https://bugs.ghostscript.com/show_bug.cgi?id=700176
Issue Tracking Permissions Required Vendor Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=700176
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=…
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d679…
https://lists.debian.org/debian-lts-announce/2018/11/msg000…
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
https://security.gentoo.org/glsa/201811-12
Mitigation Third Party Advisory
https://security.gentoo.org/glsa/201811-12
https://usn.ubuntu.com/3831-1/
Third Party Advisory
https://usn.ubuntu.com/3831-1/
https://www.debian.org/security/2018/dsa-4346
Third Party Advisory
https://www.debian.org/security/2018/dsa-4346
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.…
Release Notes Vendor Advisory
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
http://www.securityfocus.com/bid/105990
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/105990