Ghostscript 'shading_param' Remote Code Execution Vulnerability
Info
| Bugtraq ID: | 105178 |
| Class: | Unknown |
| CVE: | CVE-2018-15909 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 28 2018 12:00AM |
| Updated: | Apr 26 2019 08:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 6; Pulse Secure Pulse Connect Secure 9.0R3; Pulse Secure Pulse Connect Secure 9.0R2; Pulse Secure Pulse Connect Secure 9.0R1; Pulse Secure Pulse Connect Secure 8.3R7; Pulse Secure Pulse Connect Secure 8.3R6; Pulse Secure Pulse Connect Secure 8.3R5; Pulse Secure Pulse Connect Secure 8.3R4; Pulse Secure Pulse Connect Secure 8.3R1; Pulse Secure Pulse Connect Secure 8.3 R1; Pulse Secure Pulse Connect Secure 8.2R6; Pulse Secure Pulse Connect Secure 8.2R5; Pulse Secure Pulse Connect Secure 8.2R11; Pulse Secure Pulse Connect Secure 8.2R10; Pulse Secure Pulse Connect Secure 8.2R1.1; Pulse Secure Pulse Connect Secure 8.2R1; Pulse Secure Pulse Connect Secure 8.2R0; Oracle Solaris 11.4; Ghostscript Ghostscript 9.23 |
| Not Vulnerable: | Pulse Secure Pulse Connect Secure 9.0R4; Pulse Secure Pulse Connect Secure 9.0R3.4; Pulse Secure Pulse Connect Secure 8.3R7.1; Pulse Secure Pulse Connect Secure 8.2R12.1 |
Discussion
Ghostscript is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code or crash the affected application, resulting in denial-of-service conditions.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Bug 1621361 - (CVE-2018-15909) CVE-2018-15909 ghostscript: shading_param incompl (Red Hat Bugzilla)
- CVE-2018-15909 (Red Hat Bugzilla)
- Fix Bug 699660 "shading_param incomplete type checking" (Ghostscript)
- Ghostscript Homepage (Ghostscript)
- Hide the .shfill operator (Ghostscript)
- Oracle Solaris Third Party Bulletin - January 2019 (Oracle)
- SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in P (Pulse Secure)