CVE-2018-17961

Advisory lineage Upstream: 0 Downstream: 12

Downstream

ALPINE-CVE-2018-17961 DEBIAN-CVE-2018-17961 DLA-1552-1 DSA-4336-1 MGASA-2018-0408 OPENSUSE-SU-2024:10783-1

Modified

Published: 15 Oct 2018, 16:00

Last modified:05 Aug 2024, 11:01

Vulnerability Summary

Overall Risk (default)

medium

47/100

CVSS Score

8.6 HIGH

v3.0 (nvd)

EPSS Score

10.5% MEDIUM

11% probability -0.82%

KEV

Not listed

Ransomware

No reports

Public exploits

2 found

Dark Web

Not detected

Timeline

15 Oct 2018, 16:00

Published

Vulnerability first disclosed

05 Aug 2024, 11:01

Last Modified

Vulnerability information updated

Description

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

CVSS Metrics

v3.0•HIGH•Score: 8.6CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 10.50%• Percentile: 93%

Techniques & Countermeasures

CWE-209•Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.

Affected Systems

Unknown•Ghostscript
< 9.25
canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 18.10
debian•debian_linux
8.0 | 9.0
redhat•enterprise_linux_desktop
7.0
redhat•enterprise_linux_server
7.0
redhat•enterprise_linux_server_aus
7.6
redhat•enterprise_linux_server_eus
7.6
redhat•enterprise_linux_server_tus
7.6
redhat•enterprise_linux_workstation
7.0