CVE-2018-15910

Name
CVE-2018-15910
Description
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://www.kb.cert.org/vuls/id/332928
Patch http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
Permissions Required https://bugs.ghostscript.com/show_bug.cgi?id=699656
Third Party Advisory https://www.debian.org/security/2018/dsa-4288
Mailing List https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
Third Party Advisory https://usn.ubuntu.com/3768-1/
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2918
Third Party Advisory http://www.securityfocus.com/bid/105122
Third Party Advisory https://security.gentoo.org/glsa/201811-12
Patch https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
CONFIRM https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* debian_linux == None == 9.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* debian_linux == None == 8.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status