CVE-2018-16540 — HIGH (7.8)

Q: How severe is CVE-2018-16540?

CVE-2018-16540 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16540?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Redhat Openshift Container Platform, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Artifex	Ghostscript	< 9.24
Redhat	Openshift Container Platform	3.11
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.6
Redhat	Enterprise Linux Server Eus	7.5
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	7.0
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	14.04

Related Weaknesses (CWE)

CWE-416

References

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c432131c3fdb2143e148e8
https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0229Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=699661Issue TrackingPermissions RequiredVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201811-12Third Party Advisory
https://usn.ubuntu.com/3768-1/Third Party Advisory
https://www.artifex.com/news/ghostscript-security-resolved/PatchVendor Advisory
https://www.debian.org/security/2018/dsa-4288Third Party Advisory
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c432131c3fdb2143e148e8
https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0229Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=699661Issue TrackingPermissions RequiredVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201811-12Third Party Advisory

FAQ

What is CVE-2018-16540?

CVE-2018-16540 is a vulnerability with a CVSS score of 7.8 (HIGH). In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possi...

How severe is CVE-2018-16540?

CVE-2018-16540 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16540?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Redhat Openshift Container Platform, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.