ID CVE-2018-19477
Summary psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
References
Vulnerable Configurations
  • Artifex Ghostscript 8 64
    cpe:2.3:a:artifex:ghostscript:8_64
  • Artifex Ghostscript 9.07
    cpe:2.3:a:artifex:ghostscript:9.07
  • Artifex Ghostscript 9.09
    cpe:2.3:a:artifex:ghostscript:9.09
  • Artifex Ghostscript 9.10
    cpe:2.3:a:artifex:ghostscript:9.10
  • Artifex Ghostscript 9.14
    cpe:2.3:a:artifex:ghostscript:9.14
  • Artifex Ghostscript 9.15
    cpe:2.3:a:artifex:ghostscript:9.15
  • Artifex Ghostscript 9.16
    cpe:2.3:a:artifex:ghostscript:9.16
  • Artifex Ghostscript 9.18
    cpe:2.3:a:artifex:ghostscript:9.18
  • Artifex Ghostscript 9.19
    cpe:2.3:a:artifex:ghostscript:9.19
  • Artifex Ghostscript 9.20
    cpe:2.3:a:artifex:ghostscript:9.20
  • Artifex Ghostscript 9.21
    cpe:2.3:a:artifex:ghostscript:9.21
  • Artifex Ghostscript 9.22
    cpe:2.3:a:artifex:ghostscript:9.22
  • Artifex Ghostscript 9.23
    cpe:2.3:a:artifex:ghostscript:9.23
  • Artifex Ghostscript 9.24
    cpe:2.3:a:artifex:ghostscript:9.24
  • Artifex Ghostscript 9.25
    cpe:2.3:a:artifex:ghostscript:9.25
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • Red Hat OpenShift Container Platform 3.11
    cpe:2.3:a:redhat:openshift_container_platform:3.11
  • Red Hat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server 7.6
    cpe:2.3:o:redhat:enterprise_linux_server:7.6
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-704
CAPEC
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1598.NASL
    description Several security vulnerabilities were discovered in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled). For Debian 8 'Jessie', these problems have been fixed in version 9.06~dfsg-2+deb8u12. We recommend that you upgrade your ghostscript packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 119267
    published 2018-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119267
    title Debian DLA-1598-1 : ghostscript security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3831-1.NASL
    description It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 119301
    published 2018-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119301
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : ghostscript vulnerabilities (USN-3831-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4346.NASL
    description Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). This update rebases ghostscript for stretch to the upstream version 9.26 which includes additional changes.
    last seen 2019-02-21
    modified 2019-02-15
    plugin id 119269
    published 2018-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119269
    title Debian DSA-4346-1 : ghostscript - security update
  • NASL family Windows
    NASL id GHOSTSCRIPT_9_26.NASL
    description The version of Artifex Ghostscript installed on the remote Windows host is prior to 9.26. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119240
    published 2018-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119240
    title Artifex Ghostscript < 9.26 PostScript Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1556.NASL
    description This update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331) : - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 119713
    published 2018-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119713
    title openSUSE Security Update : ghostscript (openSUSE-2018-1556)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2019-0229.NASL
    description From Red Hat Security Advisory 2019:0229 : An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a '/invalidfileaccess in --run--' error. With this update, the regression has been fixed and the described error no longer occurs. (BZ#1665919)
    last seen 2019-02-21
    modified 2019-02-01
    plugin id 121523
    published 2019-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121523
    title Oracle Linux 7 : ghostscript (ELSA-2019-0229)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2019-82ACB29C1B.NASL
    description - rebase to latest upstream version 9.26 - Security fix for CVE-2018-19478 CVE-2018-19134 CVE-2018-19477 CVE-2018-19476 CVE-2018-19475 CVE-2018-19409 CVE-2018-18284 CVE-2018-18073 CVE-2018-17961 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-19
    plugin id 122284
    published 2019-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122284
    title Fedora 28 : ghostscript (2019-82acb29c1b)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1552.NASL
    description This update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331) : - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 119711
    published 2018-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119711
    title openSUSE Security Update : ghostscript (openSUSE-2018-1552)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2019-0229.NASL
    description An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a '/invalidfileaccess in --run--' error. With this update, the regression has been fixed and the described error no longer occurs. (BZ#1665919)
    last seen 2019-02-21
    modified 2019-02-01
    plugin id 121527
    published 2019-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121527
    title RHEL 7 : ghostscript (RHSA-2019:0229)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4090-1.NASL
    description This update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): Security issues have been the primary focus Minor bug fixes and improvements For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 119651
    published 2018-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119651
    title SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:4090-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20190131_GHOSTSCRIPT_ON_SL7_X.NASL
    description Security Fix(es) : - ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Bug Fix(es) : - Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a '/invalidfileaccess in --run--' error. With this update, the regression has been fixed and the described error no longer occurs.
    last seen 2019-02-21
    modified 2019-02-01
    plugin id 121532
    published 2019-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121532
    title Scientific Linux Security Update : ghostscript on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4087-1.NASL
    description This update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): Security issues have been the primary focus Minor bug fixes and improvements For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120186
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120186
    title SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2018:4087-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2019-0229.NASL
    description An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a '/invalidfileaccess in --run--' error. With this update, the regression has been fixed and the described error no longer occurs. (BZ#1665919)
    last seen 2019-02-21
    modified 2019-02-11
    plugin id 122061
    published 2019-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122061
    title CentOS 7 : ghostscript (CESA-2019:0229)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2019-077A3F23C0.NASL
    description - rebase to latest upstream version 9.26 - Security fix for CVE-2018-19478 CVE-2018-19134 CVE-2018-19477 CVE-2018-19476 CVE-2018-19475 CVE-2018-19409 CVE-2018-18284 CVE-2018-18073 CVE-2018-17961 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 122103
    published 2019-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122103
    title Fedora 29 : ghostscript (2019-077a3f23c0)
redhat via4
advisories
  • rhsa
    id RHBA-2019:0327
  • rhsa
    id RHSA-2019:0229
rpms
  • ghostscript-0:9.07-31.el7_6.9
  • ghostscript-cups-0:9.07-31.el7_6.9
  • ghostscript-devel-0:9.07-31.el7_6.9
  • ghostscript-doc-0:9.07-31.el7_6.9
  • ghostscript-gtk-0:9.07-31.el7_6.9
refmap via4
bid 106154
debian DSA-4346
misc
mlist [debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update
ubuntu USN-3831-1
Last major update 23-11-2018 - 00:29
Published 23-11-2018 - 00:29
Last modified 25-04-2019 - 09:07