CVE-2018-16513

Published: Sep 5, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.

Affected (10)

Products: Artifex: Ghostscript, Gpl Ghostscript · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Artifex: Ghostscript, Gpl Ghostscript · Canonical: Ubuntu Linux · Debian: Debian Linux · Pulsesecure: Pulse Connect Secure

2 products

Gpl Ghostscript

1 product

1 product

1 product

Pulse Connect Secure

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Before 9.24

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Gpl Ghostscript	Before 9.26

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Pulse Connect Secure	From 8.2r1.0 to 8.2r12.1
Pulsesecure Pulse Connect Secure	From 8.3r1 to 8.3r7.1
Pulsesecure Pulse Connect Secure	From 9.0r1 to 9.0r3.4

Related CWEs

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

References (18)

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b326a71659b7837d3acde954b18bda1a6f5e9498

Source: cve@mitre.org

https://bugs.ghostscript.com/show_bug.cgi?id=699655

Source: cve@mitre.org

Issue TrackingPermissions RequiredVendor Advisory

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201811-12

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS

Source: cve@mitre.org

https://usn.ubuntu.com/3768-1/

Source: cve@mitre.org

Third Party Advisory

https://www.artifex.com/news/ghostscript-security-resolved/

Source: cve@mitre.org

PatchVendor Advisory

https://www.debian.org/security/2018/dsa-4288

Source: cve@mitre.org

Third Party Advisory

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b326a71659b7837d3acde954b18bda1a6f5e9498

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.ghostscript.com/show_bug.cgi?id=699655

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredVendor Advisory

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201811-12

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3768-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.artifex.com/news/ghostscript-security-resolved/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.debian.org/security/2018/dsa-4288

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.