CVE-2018-15909

CVE-2018-15909

Name

CVE-2018-15909

Description

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://www.kb.cert.org/vuls/id/332928
Vendor Advisory	http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
Patch	http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
Third Party Advisory	http://www.securityfocus.com/bid/105178
Mailing List	https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
Third Party Advisory	https://usn.ubuntu.com/3768-1/
Third Party Advisory	https://security.gentoo.org/glsa/201811-12
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3650
Patch	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
CONFIRM	https://support.f5.com/csp/article/K24803507?utm_source=f5support&utm_medium=RSS

Type

URI

Patch

https://www.kb.cert.org/vuls/id/332928

Vendor Advisory

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6

Patch

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b

Third Party Advisory

http://www.securityfocus.com/bid/105178

Mailing List

https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html