CVE-2018-19475 — HIGH (7.8)

Q: What is CVE-2018-19475?

CVE-2018-19475 is a vulnerability with a CVSS score of 7.8 (HIGH). psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

Q: How severe is CVE-2018-19475?

CVE-2018-19475 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-19475?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Openshift Container Platform, Redhat Enterprise Linux Desktop.

Vulnerability Description

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Artifex	Ghostscript	< 9.26
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	14.04
Redhat	Openshift Container Platform	3.11
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.6
Redhat	Enterprise Linux Server Eus	7.6
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	7.0

References

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=aeea342904978c9fe17d85
http://www.securityfocus.com/bid/106154Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0229Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=700153Issue TrackingPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00036.htmlMailing ListThird Party Advisory
https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscExploitMitigationThird Party Advisory
https://usn.ubuntu.com/3831-1/Third Party Advisory
https://www.debian.org/security/2018/dsa-4346Third Party Advisory
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26Release NotesVendor Advisory
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=aeea342904978c9fe17d85
http://www.securityfocus.com/bid/106154Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory

FAQ

What is CVE-2018-19475?

CVE-2018-19475 is a vulnerability with a CVSS score of 7.8 (HIGH). psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

How severe is CVE-2018-19475?

CVE-2018-19475 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19475?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Openshift Container Platform, Redhat Enterprise Linux Desktop.