Published: 21/11/2018 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue exists in Artifex Ghostscript prior to 9.26. LockSafetyParams is not checked correctly if another device is used.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex ghostscript
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux server eus 7.6
redhat enterprise linux server aus 7.6

Synopsis Important: ghostscript security and bug fix update Type/Severity Security Advisory: Important Topic An update for ghostscript is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...

Several security issues were fixed in Ghostscript ...

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled) This update rebases ghostscript for stretch to the upstream version 926 which includes addition ...

Artifex Ghostscript before 925 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (CVE-2018-17183) Artifex Ghostscript 925 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involv ...

An issue was discovered in Artifex Ghostscript before 926 LockSafetyParams is not checked correctly if another device is used ...

security_GPT_prompt

awesome-chatgpt-prompts-security(SEC-GPT) 训练ChatGPT成为一名网络安全专家。很多问题不是一个指令就可以得到精准结果的，需要根据每个问题深入去了解，不能浅尝即止，期待大家提交prompts。渗透测试历史漏洞跟踪，包括文章和POC脚本地址提问 Thinkphp有哪些漏洞，列出版本和cve编号，并给出

网络安全chatgpt指令集，训练chatgpt成为一名网络安全专家

awesome-chatgpt-prompts-cybersecurity 训练ChatGPT成为一名网络安全专家。很多问题不是一个指令就可以得到精准结果的，需要根据每个问题深入去了解，不能浅尝即止，期待大家提交prompts。最新指令发布在助安社区论坛，定期同步到此仓库。渗透测试历史漏洞跟踪，包括文章和POC脚本地址提�

NVD-CWE-noinfo https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 https://bugs.ghostscript.com/show_bug.cgi?id=700176 http://www.securityfocus.com/bid/105990 https://security.gentoo.org/glsa/201811-12 https://www.debian.org/security/2018/dsa-4346 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://usn.ubuntu.com/3831-1/https://access.redhat.com/errata/RHSA-2018:3834 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f https://access.redhat.com/errata/RHSA-2018:3834 https://usn.ubuntu.com/3831-1/https://nvd.nist.gov

CVE-2018-19409

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect