CVE-2018-15908 - OpenCVE

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Artifex	Ghostscript
Redhat	Enterprise Linux Server Eus Enterprise Linux Server Aus Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server
Canonical	Ubuntu Linux
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration 4 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

References

Link	Resource
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0d3901189f245232f0161addf215d7268c4d05a3
https://access.redhat.com/errata/RHSA-2018:3650	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html	Third Party Advisory
https://security.gentoo.org/glsa/201811-12	Third Party Advisory
https://usn.ubuntu.com/3768-1/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4288	Third Party Advisory
https://www.kb.cert.org/vuls/id/332928	Third Party Advisory US Government Resource