Main Vulnerability Database Vulnerabilities #VU14564

#VU14564 Type confusion in Ghostscript - CVE-2018-15910

Published: August 30, 2018 / Updated: April 22, 2020

Vulnerability identifier: #VU14564

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-15910

CWE-ID: CWE-843

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ghostscript

Software vendor:
Artifex Software, Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the bypass of the -dSAFER option. A remote unauthenticated attacker can submit a specially crafted PostScript file, trigger type confusion in LockDistillerParams parameter and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde7743761a4e1d39a631716199b696b880

#VU14564 Type confusion in Ghostscript - CVE-2018-15910

Description

Remediation

External links

Please verify you're human