CVE-2018-17183Improper Cleanup on Thrown Exception in Ghostscript

CWE-460Improper Cleanup on Thrown Exception12 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 26.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Artifex GhostscriptCanonical Ubuntu LinuxDebian Linux+6 more
Timeline
PublishedSep 19
Latest updateMay 13

Description

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

Debianartifex/ghostscript< 9.25~dfsg-1+3

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.6

🔴Vulnerability Details

3
GHSA
GHSA-w54c-254g-phcp: Artifex Ghostscript before 92022-05-13
OSV
CVE-2018-17183: Artifex Ghostscript before 92018-09-19
CVEList
CVE-2018-17183: Artifex Ghostscript before 92018-09-19

📋Vendor Advisories

4
Red Hat
ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183)2018-10-10
Ubuntu
Ghostscript vulnerabilities2018-10-01
Red Hat
ghostscript: User-writable error exception table2018-09-19
Debian
CVE-2018-17183: ghostscript - Artifex Ghostscript before 9.25 allowed a user-writable error exception table, w...2018

💬Community

4
Bugzilla
CVE-2018-17961 ghostscript: saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) [fedora-all]2018-10-24
Bugzilla
CVE-2018-17961 ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183)2018-10-24
Bugzilla
CVE-2018-17183 ghostscript: User-writable error exception table [fedora-all]2018-09-24
Bugzilla
CVE-2018-17183 ghostscript: User-writable error exception table2018-09-24
CVE-2018-17183 — Improper Cleanup on Thrown Exception | cvebase