CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-15911 – ghostscript: Uninitialized memory access in the aesdecode operator (699665)
https://notcve.org/view.php?id=CVE-2018-15911
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. En Artifex Ghostscript 9.23 antes del 24/08/2018, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear un acceso a la memoria no inicializada en el operador aesdecode para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8e9ce5016db968b40e4ec255a3005f2786cce45f http://www.securityfocus.com/bid/105122 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699665 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&%3Butm_medium= • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-15908 – ghostscript: .tempfile file permission issues (699657)
https://notcve.org/view.php?id=CVE-2018-15908
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. En Artifex Ghostscript 9.23 antes del 23/08/2018, los atacantes pueden proporcionar archivos PostScript maliciosos para omitir las restricciones .tempfile y escribir en archivos. It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibly exploit this to exploit this to bypass the -dSAFER protection and delete files or disclose their content via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0d3901189f245232f0161addf215d7268c4d05a3 https://access.redhat.com/errata/RHSA-2018:3650 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.debian.org/security/2018/dsa-4288 https://www.kb.cert.org/vuls/id/332928 https://access.redhat.com/security/cve/CVE-2018-15908 https://bugzilla.redhat.com/show_bug.cgi?id=1619756 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-15909 – ghostscript: shading_param incomplete type checking (699660)
https://notcve.org/view.php?id=CVE-2018-15909
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. En Artifex Ghostscript 9.23 antes del 24/08/2018, los atacantes podrían emplear una confusión de tipos usando el operador .shfill para proporcionar archivos PostScript manipulados para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0b6cd1918e1ec4ffd087400a754a845180a4522b http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e01e77a36cbb2e0277bc3a63852244bec41be0f6 http://www.securityfocus.com/bid/105178 https://access.redhat.com/errata/RHSA-2018:3650 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K24803507?utm • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-15910 – ghostscript: LockDistillerParams type confusion (699656)
https://notcve.org/view.php?id=CVE-2018-15910
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. En Artifex Ghostscript en versiones anteriores a la 9.24, los atacantes que puedan proporcionar archivos PostScript manipulados podrían emplear una confusión de tipos en el parámetro LockDistillerParams para provocar el cierre inesperado del intérprete o ejecutar código. It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c3476dde7743761a4e1d39a631716199b696b880 http://www.securityfocus.com/bid/105122 https://access.redhat.com/errata/RHSA-2018:2918 https://bugs.ghostscript.com/show_bug.cgi?id=699656 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://support.f5.com/csp/article/K22141757?utm_source=f5support&%3Butm_medium= • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 2%CPEs: 13EXPL: 0CVE-2018-10194 – ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c
https://notcve.org/view.php?id=CVE-2018-10194
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. La función set_text_distance en devices/vector/gdevpdts.c en el componente pdfwrite en Artifex Ghostscript, hasta la versión 9.22, no evita los desbordamientos en el cálculo de posicionamiento de texto. Esto permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) u otro tipo de impacto sin especificar mediante un documento PDF manipulado. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=39b1e54b2968620723bf32e96764c88797714879 http://www.securitytracker.com/id/1040729 https://access.redhat.com/errata/RHSA-2018:2918 https://bugs.ghostscript.com/show_bug.cgi?id=699255 https://lists.debian.org/debian-lts-announce/2018/04/msg00028.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3636-1 https://access.redhat.com/security/cve/CVE-2018-10194 https://bugzilla.redhat.com/show_bug.cgi?id=1569108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •