ID CVE-2018-19476
Summary psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 25-04-2019 - 13:07)
Impact:
Exploitability:
CWE CWE-704
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHBA-2019:0327
  • rhsa
    id RHSA-2019:0229
rpms
  • ghostscript-0:9.07-31.el7_6.9
  • ghostscript-cups-0:9.07-31.el7_6.9
  • ghostscript-debuginfo-0:9.07-31.el7_6.9
  • ghostscript-devel-0:9.07-31.el7_6.9
  • ghostscript-doc-0:9.07-31.el7_6.9
  • ghostscript-gtk-0:9.07-31.el7_6.9
refmap via4
bid 106154
debian DSA-4346
misc
mlist [debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update
ubuntu USN-3831-1
Last major update 25-04-2019 - 13:07
Published 23-11-2018 - 05:29
Last modified 25-04-2019 - 13:07
Back to Top