CVE-2018-19475

CVE-2018-19475

Name

CVE-2018-19475

Description

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Release Notes	https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
Issue Tracking	https://bugs.ghostscript.com/show_bug.cgi?id=700153
Patch	http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
Patch	http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
Third Party Advisory	https://www.debian.org/security/2018/dsa-4346
Mailing List	https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
Third Party Advisory	https://usn.ubuntu.com/3831-1/
Third Party Advisory	http://www.securityfocus.com/bid/106154
Mitigation	https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
Third Party Advisory	https://access.redhat.com/errata/RHSA-2019:0229
Third Party Advisory	https://access.redhat.com/errata/RHBA-2019:0327

Type

URI

Release Notes

https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Issue Tracking

https://bugs.ghostscript.com/show_bug.cgi?id=700153

Patch

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315

Patch

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e

Third Party Advisory

https://www.debian.org/security/2018/dsa-4346