Ghostscript CVE-2018-19409 Security Bypass Vulnerability
BID:105990
CVE-2018-19409 |Info
Ghostscript CVE-2018-19409 Security Bypass Vulnerability
| Bugtraq ID: | 105990 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-19409 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2018 12:00AM |
| Updated: | Jan 18 2019 11:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Ubuntu Ubuntu Linux 18.10 Ubuntu Ubuntu Linux 18.04 LTS Ubuntu Ubuntu Linux 16.04 LTS Ubuntu Ubuntu Linux 14.04 LTS Oracle Linux 7 Ghostscript Ghostscript 8.15.2 Ghostscript Ghostscript 8.0.1 Ghostscript Ghostscript 5.50 Ghostscript Ghostscript 9.24 Ghostscript Ghostscript 9.23 Ghostscript Ghostscript 9.20 Ghostscript Ghostscript 9.19 Ghostscript Ghostscript 9.18 Ghostscript Ghostscript 9.10 Ghostscript Ghostscript 9.05 Ghostscript Ghostscript 9.04 Ghostscript Ghostscript 8.71 Ghostscript Ghostscript 8.70 Ghostscript Ghostscript 8.64 Ghostscript Ghostscript 8.61 Ghostscript Ghostscript 8.60 Ghostscript Ghostscript 8.57 Ghostscript Ghostscript 8.56 Ghostscript Ghostscript 8.54 Ghostscript Ghostscript 8.15 Ghostscript Ghostscript 8 64 Ghostscript Ghostscript 7.07 Ghostscript Ghostscript 7.05 CubeSoft CubePDF 1.0 RC 13 CubeSoft CubePDF 1.0.0RC16 CubeSoft CubePDF 1.0.0RC15 CubeSoft CubePDF 1.0.0RC14 CubeSoft CubePDF 1.0.0RC13P1 CubeSoft CubePDF 1.0.0 RC 12 |
| Not Vulnerable: |
CubeSoft CubePDF 1.0.0RC17 Artifex Ghostscript 9.26 |
Discussion
Ghostscript CVE-2018-19409 Security Bypass Vulnerability
Ghostscript is prone to a security-bypass vulnerability.
Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks.
Versions prior to Ghostscript 9.26 are vulnerable.
Ghostscript is prone to a security-bypass vulnerability.
Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks.
Versions prior to Ghostscript 9.26 are vulnerable.
Exploit / POC
Ghostscript CVE-2018-19409 Security Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Ghostscript CVE-2018-19409 Security Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Ghostscript CVE-2018-19409 Security Bypass Vulnerability
References:
References:
- History of Ghostscript Versions 9.xx (ghostscript)
- Bug 1652583 (CVE-2018-19409) - CVE-2018-19409 ghostscript: Improperly implemente (Red Hat Bugzilla)
- Bug 700176: check the *output* device for LockSafetyParams (Ghostscript)
- CubePDF 1.0.0RC17 (CubeSoft)
- Ghostscript Homepage (Ghostscript)
- Oracle Linux Bulletin - (Oracle)
- CVE-2018-19409 (Redhat)
- ghostscript vulnerabilities (Ubuntu)
- GPL Ghostscript: Multiple vulnerabilities (Gentoo)