In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
Artifex
  • Ghostscript
  • Gpl Ghostscript
Canonical
  • Ubuntu Linux
Pulsesecure
  • Pulse Connect Secure
Debian
  • Debian Linux

Configuration 1 [-]

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
References
Link Resource
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b326a71659b7837d3acde954b18bda1a6f5e9498
https://bugs.ghostscript.com/show_bug.cgi?id=699655 Issue Tracking Permissions Required Vendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201811-12 Third Party Advisory
https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/3768-1/ Third Party Advisory
https://www.artifex.com/news/ghostscript-security-resolved/ Patch Vendor Advisory
https://www.debian.org/security/2018/dsa-4288 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-05T13:00:00

Updated: 2019-11-05T20:06:26

Reserved: 2018-09-05T00:00:00

Link: CVE-2018-16513

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2018-09-05T13:29:00.370

Modified: 2023-11-07T02:53:46.727

Link: CVE-2018-16513

JSON object: View

cve-icon Redhat Information

No data.

CWE