CVE-2018-19409

Published: Nov 21, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.

Affected (12)

Products: Artifex: Ghostscript · Debian: Debian Linux · Canonical: Ubuntu Linux · +1 more

Show all products

Artifex: Ghostscript · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation

1 product

1 product

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Before 9.26

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Workstation	Version 7.0

References (18)

http://www.securityfocus.com/bid/105990

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3834

Source: cve@mitre.org

Third Party Advisory

https://bugs.ghostscript.com/show_bug.cgi?id=700176

Source: cve@mitre.org

Issue TrackingPermissions RequiredVendor Advisory

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201811-12

Source: cve@mitre.org

MitigationThird Party Advisory

https://usn.ubuntu.com/3831-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4346

Source: cve@mitre.org

Third Party Advisory

https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.securityfocus.com/bid/105990

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3834

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.ghostscript.com/show_bug.cgi?id=700176

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredVendor Advisory

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201811-12

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

https://usn.ubuntu.com/3831-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4346

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.