Main Vulnerability Database Vulnerabilities #VU14562

Improper input validation in Ghostscript - CVE-2018-15911

Published: August 29, 2018 / Updated: April 22, 2020

Vulnerability identifier: #VU14562

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-15911

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Artifex Software, Inc.

Affected software:
Ghostscript

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the bypass of the -dSAFER option. A remote unauthenticated attacker can submit a specially crafted PostScript file, cause uninitialized memory access in the aesdecode operator and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2018-15911

Install update from vendor's website.

Sources

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f

Improper input validation in Ghostscript - CVE-2018-15911

Detailed vulnerability description

How to mitigate CVE-2018-15911

Sources

Please verify you're human