CVE-2018-15911
Description
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.697
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Ghostscript 9.23 | Windows |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.10~dfsg-0ubuntu10.13_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.10~dfsg-0ubuntu10.13_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.18~dfsg~0-0ubuntu2.9_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.18~dfsg~0-0ubuntu2.9_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.22~dfsg+1-0ubuntu1.2_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) libgs9_9.22~dfsg+1-0ubuntu1.2_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.10~dfsg-0ubuntu10.13_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.10~dfsg-0ubuntu10.13_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.18~dfsg~0-0ubuntu2.9_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.18~dfsg~0-0ubuntu2.9_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.22~dfsg+1-0ubuntu1.2_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3768-1) ghostscript_9.22~dfsg+1-0ubuntu1.2_amd64.deb | Linux |
| ghostscript security update(DSA-4288-1) ghostscript_9.20~dfsg-3.2+deb9u4_i386.deb | Linux |
| ghostscript security update(DSA-4288-1) ghostscript_9.20~dfsg-3.2+deb9u4_amd64.deb | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-9.25-23.13.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-debuginfo-9.25-23.13.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-debugsource-9.25-23.13.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-x11-9.25-23.13.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2975-1(SUSE Linux Enterprise Desktop 12-SP3 ) ghostscript-x11-debuginfo-9.25-23.13.1.x86_64.rpm | Linux |
| ghostscript Security Update (ALAS-2018-1088) ghostscript-devel-9.06-8.amzn2.0.5.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234