CVE-2018-16542 — MEDIUM (5.5)

Q: What is CVE-2018-16542?

CVE-2018-16542 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

Q: How severe is CVE-2018-16542?

CVE-2018-16542 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16542?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Eus.

Vulnerability Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Artifex	Ghostscript	< 9.24
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Eus	7.5
Redhat	Enterprise Linux Workstation	7.0
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	14.04

Related Weaknesses (CWE)

CWE-787

References

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b575e1ec42cc86f6a58c60
http://seclists.org/oss-sec/2018/q3/182Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/105337Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:2918Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=699668Issue TrackingPermissions RequiredVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201811-12Third Party Advisory
https://usn.ubuntu.com/3768-1/Third Party Advisory
https://www.debian.org/security/2018/dsa-4288Third Party Advisory
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b575e1ec42cc86f6a58c60
http://seclists.org/oss-sec/2018/q3/182Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/105337Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:2918Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=699668Issue TrackingPermissions RequiredVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2018-16542?

CVE-2018-16542 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

How severe is CVE-2018-16542?

CVE-2018-16542 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16542?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Eus.