Main Vulnerability Database SB2018090424

SB2018090424 - Improper input validation in ghostscript (Alpine package)

Published: September 4, 2018

Security Bulletin ID SB2018090424

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2018-15909)

The vulnerability allows a remote attacker to bypass implemented security restrictions and execute arbitrary system commands.

The vulnerability exists due to improper input validation when processing malformed PostScript, PDF, EPS, or XPS files. A remote attacker can supply a specially crafted file, bypass -dSAFER restrictions and execute arbitrary commands on vulnerable system.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=0c81d393f55e12aad1694ac3ee4ed2b865527f6f
https://git.alpinelinux.org/aports/commit/?id=5e753b12c86f19cc249a631482ee1a4a739e45aa
https://git.alpinelinux.org/aports/commit/?id=646b9a7b6b94e05cb166f6a084a22fe8f03264fb
https://git.alpinelinux.org/aports/commit/?id=c13758613f3110e14c2e9eda818406f235d996c1
https://git.alpinelinux.org/aports/commit/?id=dd646650fecf6b0d42ffc26eed4a6da53a6040e5