CVE-2018-15908 Information

Description

In Artifex Ghostscript 9.23 before 2018-08-23 attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3 https://access.redhat.com/errata/RHSA-2018:3650 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1/ https://www.debian.org/security/2018/dsa-4288 https://www.kb.cert.org/vuls/id/332928

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8