ID CVE-2018-16542
Summary In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
CVSS
Base: 4.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1621363
title CVE-2018-16542 ghostscript: .definemodifiedfont memory corruption if /typecheck is handled (699668)
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment ghostscript is earlier than 0:9.07-29.el7_5.2
          oval oval:com.redhat.rhsa:tst:20182918001
        • comment ghostscript is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095009
      • AND
        • comment ghostscript-cups is earlier than 0:9.07-29.el7_5.2
          oval oval:com.redhat.rhsa:tst:20182918003
        • comment ghostscript-cups is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170013004
      • AND
        • comment ghostscript-devel is earlier than 0:9.07-29.el7_5.2
          oval oval:com.redhat.rhsa:tst:20182918005
        • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095011
      • AND
        • comment ghostscript-doc is earlier than 0:9.07-29.el7_5.2
          oval oval:com.redhat.rhsa:tst:20182918007
        • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095013
      • AND
        • comment ghostscript-gtk is earlier than 0:9.07-29.el7_5.2
          oval oval:com.redhat.rhsa:tst:20182918009
        • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095015
rhsa
id RHSA-2018:2918
released 2018-10-16
severity Important
title RHSA-2018:2918: ghostscript security update (Important)
rpms
  • ghostscript-0:9.07-29.el7_5.2
  • ghostscript-cups-0:9.07-29.el7_5.2
  • ghostscript-debuginfo-0:9.07-29.el7_5.2
  • ghostscript-devel-0:9.07-29.el7_5.2
  • ghostscript-doc-0:9.07-29.el7_5.2
  • ghostscript-gtk-0:9.07-29.el7_5.2
refmap via4
bid 105337
debian DSA-4288
gentoo GLSA-201811-12
misc
mlist [debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update
ubuntu USN-3768-1
Last major update 24-08-2020 - 17:37
Published 05-09-2018 - 18:29
Last modified 24-08-2020 - 17:37
Back to Top