CVE-2018-19475

Advisory lineage Upstream: 0 Downstream: 11

Downstream

ALPINE-CVE-2018-19475 DEBIAN-CVE-2018-19475 DLA-1598-1 DSA-4346-1 OPENSUSE-SU-2024:10783-1 RHSA-2019:0229

Modified

Published: 23 Nov 2018, 05:00

Last modified:05 Aug 2024, 11:37

Vulnerability Summary

Overall Risk (default)

high

54/100

CVSS Score

7.8 HIGH

v3.0 (nvd)

EPSS Score

65.28% CRITICAL

65% probability +1.70%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

23 Nov 2018, 05:00

Published

Vulnerability first disclosed

05 Aug 2024, 11:37

Last Modified

Vulnerability information updated

Description

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

CVSS Metrics

v3.0•HIGH•Score: 7.8CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 65.28%• Percentile: 99%

Affected Systems

Unknown•Ghostscript
< 9.26
canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 18.10
debian•debian_linux
8.0 | 9.0
redhat•enterprise_linux_desktop
7.0
redhat•enterprise_linux_server
7.0 | 7.6
redhat•enterprise_linux_server_aus
7.6
redhat•enterprise_linux_server_eus
7.6
redhat•enterprise_linux_server_tus
7.6
redhat•enterprise_linux_workstation
7.0
redhat•openshift_container_platform
3.11