Multiple vulnerabilities in Artifex Ghostscript
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-19475 CVE-2018-19477 CVE-2018-19476 CVE-2018-19409 CVE-2018-19478 |
| CWE-ID | CWE-20 CWE-843 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ghostscript Universal components / Libraries / Libraries used by multiple products GhostXPS Universal components / Libraries / Libraries used by multiple products |
| Vendor | Artifex Software, Inc. |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU16071
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19475
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to the psi/zdevice2.c source code file fails to check available stack space. A remote unauthenticated attacker can trick the victim into accessing a PostScript file that submits malicious input to bypass the security access restrictions on the targeted system, which could be used to conduct further attacks.
MitigationUpdate to version 9.26.
Vulnerable software versionsGhostscript: 9.00 - 9.25
GhostXPS: 9.21
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Type confusion
EUVDB-ID: #VU16072
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19477
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to a JBIG2Decode type confusion condition in the psi/zfjbig2.csource code file. A remote unauthenticated attacker can trick the victim into accessing a PostScript file that submits malicious input to bypass the security access restrictions on the targeted system, which could be used to conduct further attacks.
MitigationUpdate to version 9.26.
Vulnerable software versionsGhostscript: 9.00 - 9.25
GhostXPS: 9.21
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Type confusion
EUVDB-ID: #VU16073
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19476
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to a setcolorspace type confusion condition in the psi/zicc.c source code file. A remote unauthenticated attacker can trick the victim into accessing a PostScript file that submits malicious input to bypass the security access restrictions on the targeted system, which could be used to conduct further attacks.
MitigationUpdate to version 9.26.
Vulnerable software versionsGhostscript: 9.00 - 9.25
GhostXPS: 9.21
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU16020
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19409
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to improper checks of the LockSafetyParams device parameter if another device is used as the top device. A local attacker can make a .setdevice call and bypass security restrictions If another device, such as the pdf14 compositor, is the top device on the system.
MitigationUpdate to version 9.26.
Vulnerable software versionsGhostscript: 9.00 - 9.25
External linkshttp://git.ghostscript.com/?p=ghostpdl.git&a=commit&h=661e8d8fb8248c38d67958beda32f...
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU16803
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19478
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into processing a specially crafted PDF file and trigger an extremely long running computation.
MitigationUpdate to version 9.26.
Vulnerable software versionsGhostscript: 5.50 - 9.25
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace
http://bugs.ghostscript.com/show_bug.cgi?id=699856
http://www.ghostscript.com/doc/9.26/History9.htm
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
