CVE-2018-18073

Description

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.36%• Percentile: 59%

Techniques & Countermeasures

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• Unknown•Ghostscript

  ≤ 9.25

• canonical•ubuntu_linux

  14.04 | 16.04 | 18.04 | 18.10

• debian•debian_linux

  8.0 | 9.0

• redhat•enterprise_linux_desktop

  7.0

• redhat•enterprise_linux_server

  7.0

• redhat•enterprise_linux_server_aus

  7.6

• redhat•enterprise_linux_server_eus

  7.6

• redhat•enterprise_linux_server_tus

  7.6

• redhat•enterprise_linux_workstation

  7.0

References (9)

• http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html
• https://bugs.ghostscript.com/show_bug.cgi?id=699927
• https://access.redhat.com/errata/RHSA-2018:3834
• https://usn.ubuntu.com/3803-1/
• http://www.openwall.com/lists/oss-security/2018/10/10/12
• https://www.debian.org/security/2018/dsa-4336
• https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html
• https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c