Vulnerability Details : CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.

Vulnerability category: Execute code

Published 2018-12-20 23:29:01

Updated 2019-01-11 15:54:45

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2018-19134

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-19134

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-19134

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

Assigned by: [email protected] (Primary)

References for CVE-2018-19134

https://www.ghostscript.com/doc/9.26/News.htm

Release Notes
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf

Patch;Third Party Advisory
https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf

Exploit;Third Party Advisory

CVEs referencing this url
https://bugs.ghostscript.com/show_bug.cgi?id=700141

Issue Tracking;Permissions Required;Third Party Advisory
http://www.securityfocus.com/bid/106278

Third Party Advisory;VDB Entry
https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:3834

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2018-19134

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Artifex » Ghostscript
Versions up to, including, (<=) 9.25
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
Matching versions