CVE-2018-19478 : In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.

Published 2019-01-02 18:29:01

Updated 2019-01-11 15:52:43

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2018-19478

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Artifex » Ghostscript
Versions before (<) 9.26
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 35 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

http://www.securityfocus.com/bid/106445

Artifex Ghostscript CVE-2018-19478 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace

git.ghostscript.com Git - ghostpdl.git/commitdiff
Patch;Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=699856

699856 – Attempting to open a carefully crafted PDF file results in long-running computation
Issue Tracking;Permissions Required;Third Party Advisory
https://www.ghostscript.com/doc/9.26/History9.htm

History of Ghostscript versions 9.n
Release Notes
https://bugzilla.redhat.com/show_bug.cgi?id=1655607

1655607 – (CVE-2018-19478) CVE-2018-19478 ghostscript: Attempting to open a carefully crafted PDF file results in long-running computation (699856)
Issue Tracking;Patch;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html

[SECURITY] [DLA 1620-1] ghostscript security update
Third Party Advisory

CVEs referencing this url

Jump to