Multiple vulnerabilities in Artifex Ghostscript
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-15911 CVE-2018-15910 CVE-2018-15908 |
| CWE-ID | CWE-20 CWE-843 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ghostscript Universal components / Libraries / Libraries used by multiple products |
| Vendor | Artifex Software, Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU14562
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-15911
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the bypass of the -dSAFER option. A remote unauthenticated attacker can submit a specially crafted PostScript file, cause uninitialized memory access in the aesdecode operator and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsGhostscript: 5.50 - 9.23
CPE2.3- cpe:2.3:a:artifex_software:ghostscript:5.50:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:6.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:6.50:*:*:*:*:*:*:*
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Type confusion
EUVDB-ID: #VU14564
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-15910
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the bypass of the -dSAFER option. A remote unauthenticated attacker can submit a specially crafted PostScript file, trigger type confusion in LockDistillerParams parameter and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 5.50 - 9.23
CPE2.3- cpe:2.3:a:artifex_software:ghostscript:5.50:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:6.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:6.50:*:*:*:*:*:*:*
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde7743761a4e1d39a631716199b696b880
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU14565
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-15908
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to the bypass of the -dSAFER option. A remote unauthenticated attacker can submit a specially crafted PostScript file, bypass .tempfile restrictions and write files on the targeted system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 5.50 - 9.23
CPE2.3- cpe:2.3:a:artifex_software:ghostscript:5.50:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:6.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:6.50:*:*:*:*:*:*:*
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
