Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-17961Improper Cleanup on Thrown Exception in Ghostscript

CWE-460Improper Cleanup on Thrown ExceptionCWE-209Information Exposure via Error Message10 documents9 sources
Severity
8.6HIGHNVD
CNA7.8OSV7.8
EPSS
11.3%
top 6.44%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
9
Artifex GhostscriptCanonical Ubuntu LinuxDebian Linux+6 more
Timeline
PublishedOct 15
Latest updateMay 13

Description

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages5 packages

Debianartifex/ghostscript< 9.25~dfsg-3+3

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.6

Patches

Patch: bugs.chromium.orgPatch: bugs.chromium.org

🔴Vulnerability Details

3
GHSA
GHSA-6j45-cc69-5jv8: Artifex Ghostscript 92022-05-13
OSV
CVE-2018-17961: Artifex Ghostscript 92018-10-15
CVEList
CVE-2018-17961: Artifex Ghostscript 92018-10-15

💥Exploits & PoCs

1
Exploit-DB
ghostscript - executeonly Bypass with errorhandler Setup2018-10-09

📋Vendor Advisories

3
Ubuntu
Ghostscript vulnerabilities2018-10-30
Red Hat
ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183)2018-10-10
Debian
CVE-2018-17961: ghostscript - Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protec...2018

💬Community

2
Bugzilla
CVE-2018-17961 ghostscript: saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) [fedora-all]2018-10-24
Bugzilla
CVE-2018-17961 ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183)2018-10-24
CVE-2018-17961 — Improper Cleanup on Thrown Exception | cvebase