CVE-2018-15909
Description
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.274
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Ghostscript 9.23 | Windows |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.10~dfsg-0ubuntu10.13_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.10~dfsg-0ubuntu10.13_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.18~dfsg~0-0ubuntu2.9_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.18~dfsg~0-0ubuntu2.9_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.22~dfsg+1-0ubuntu1.2_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.22~dfsg+1-0ubuntu1.2_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.10~dfsg-0ubuntu10.13_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.10~dfsg-0ubuntu10.13_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.18~dfsg~0-0ubuntu2.9_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.18~dfsg~0-0ubuntu2.9_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.22~dfsg+1-0ubuntu1.2_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.22~dfsg+1-0ubuntu1.2_amd64.deb | Linux |
| Ghostscript security update (CESA-2018:3650) ghostscript-9.07-31.el7_6.1.i686.rpm | Linux |
| Ghostscript security update (CESA-2018:3650) ghostscript-9.07-31.el7_6.1.x86_64.rpm | Linux |
| Ghostscript security update (CESA-2018:3650) ghostscript-doc-9.07-31.el7_6.1.noarch.rpm | Linux |
| Ghostscript security update (CESA-2018:3650) ghostscript-gtk-9.07-31.el7_6.1.x86_64.rpm | Linux |
| Ghostscript security update (CESA-2018:3650) ghostscript-cups-9.07-31.el7_6.1.x86_64.rpm | Linux |
| Ghostscript security update (CESA-2018:3650) ghostscript-devel-9.07-31.el7_6.1.i686.rpm | Linux |
| Ghostscript security update (CESA-2018:3650) ghostscript-devel-9.07-31.el7_6.1.x86_64.rpm | Linux |
| (RHSA-2018:3650) ghostscript security update ghostscript-9.07-31.el7_6.1.i686.rpm | Linux |
| (RHSA-2018:3650) ghostscript security update ghostscript-9.07-31.el7_6.1.x86_64.rpm | Linux |
| (RHSA-2018:3650) ghostscript security update ghostscript-cups-9.07-31.el7_6.1.x86_64.rpm | Linux |
| (RHSA-2018:3650) ghostscript security update ghostscript-devel-9.07-31.el7_6.1.i686.rpm | Linux |
| (RHSA-2018:3650) ghostscript security update ghostscript-devel-9.07-31.el7_6.1.x86_64.rpm | Linux |
| (RHSA-2018:3650) ghostscript security update ghostscript-doc-9.07-31.el7_6.1.noarch.rpm | Linux |
| (RHSA-2018:3650) ghostscript security update ghostscript-gtk-9.07-31.el7_6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-9.25-23.13.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-debuginfo-9.25-23.13.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-debugsource-9.25-23.13.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-x11-9.25-23.13.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-x11-debuginfo-9.25-23.13.1.x86_64.rpm | Linux |
| ghostscript Security Update (ALAS-2018-1088) ghostscript-devel-9.06-8.amzn2.0.5.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234