Code Injection in Ghostscript - CVE-2018-17961
Published: October 17, 2018
Vulnerability identifier: #VU15376
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-17961
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Artifex Software, Inc.
Affected software:
Ghostscript
Ghostscript
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation that allows sandbox bypass via error handler setup vectors. A remote attacker can pass a specially crafted PostScript file to the affected application, inject and execute arbitrary code on the target system.
Note: this vulnerability exists due to insufficient patch for previously fixed Code injection vulnerability (CVE-2018-17183).
How to mitigate CVE-2018-17961
Install updates from vendor's website.
Sources
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94
- http://www.openwall.com/lists/oss-security/2018/10/09/4
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2
- https://bugs.ghostscript.com/show_bug.cgi?id=699816
- https://www.exploit-db.com/exploits/45573/