Ghostscript Multiple Security Bypass Vulnerabilities

Bugtraq ID:	106154
Class:	Input Validation Error
CVE:	CVE-2018-19476 CVE-2018-19477 CVE-2018-19475
Remote:	Yes
Local:	No
Published:	Nov 23 2018 12:00AM
Updated:	Nov 23 2018 12:00AM
Credit:	The vendor reported these issues.
Vulnerable:	Ubuntu Ubuntu Linux 18.10 Ubuntu Ubuntu Linux 18.04 LTS Ubuntu Ubuntu Linux 16.04 LTS Ubuntu Ubuntu Linux 14.04 LTS Ghostscript Ghostscript 8.15.2 Ghostscript Ghostscript 8.0.1 Ghostscript Ghostscript 5.50 Ghostscript Ghostscript 9.24 + CubeSoft CubePDF 1.0 RC 13 Ghostscript Ghostscript 9.23 Ghostscript Ghostscript 9.20 Ghostscript Ghostscript 9.19 Ghostscript Ghostscript 9.18 Ghostscript Ghostscript 9.10 Ghostscript Ghostscript 9.05 Ghostscript Ghostscript 9.04 Ghostscript Ghostscript 8.71 Ghostscript Ghostscript 8.70 Ghostscript Ghostscript 8.64 Ghostscript Ghostscript 8.61 Ghostscript Ghostscript 8.60 Ghostscript Ghostscript 8.57 Ghostscript Ghostscript 8.56 Ghostscript Ghostscript 8.54 Ghostscript Ghostscript 8.15 Ghostscript Ghostscript 8 64 Ghostscript Ghostscript 7.07 Ghostscript Ghostscript 7.05 CubeSoft CubePDF 1.0 RC 13 CubeSoft CubePDF 1.0.0RC16 CubeSoft CubePDF 1.0.0RC15 CubeSoft CubePDF 1.0.0RC14 CubeSoft CubePDF 1.0.0RC13P1 CubeSoft CubePDF 1.0.0 RC 12
Not Vulnerable:	CubeSoft CubePDF 1.0.0RC17 Artifex Ghostscript 9.26

Ghostscript Multiple Security Bypass Vulnerabilities

Ghostscript is prone to multiple security-bypass vulnerabilities.

Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks.

Versions prior to Ghostscript 9.26 are vulnerable.