CVE-2018-15911

Name
CVE-2018-15911
Description
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://www.kb.cert.org/vuls/id/332928
Permissions Required https://bugs.ghostscript.com/show_bug.cgi?id=699665
Patch http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
Third Party Advisory https://www.debian.org/security/2018/dsa-4288
Mailing List https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
Third Party Advisory https://usn.ubuntu.com/3768-1/
Third Party Advisory http://www.securityfocus.com/bid/105122
Third Party Advisory https://security.gentoo.org/glsa/201811-12
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3834
Patch https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
CONFIRM https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* debian_linux == None == 9.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* debian_linux == None == 8.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status