CVE-2018-19478 — Improper Input Validation in Ghostscript

CWE-20 — Improper Input Validation8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.6%

top 29.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Debian Linux

Timeline

PublishedJan 2

Latest updateMay 14

Description

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDartifex/ghostscript< 9.26

▶Debianartifex/ghostscript< 9.26~dfsg-1+3

Also affects: Debian Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-fcmg-pjrg-hphj: In Artifex Ghostscript before 9↗2022-05-14

▶

CVEList

CVE-2018-19478: In Artifex Ghostscript before 9↗2019-01-02

▶

OSV

CVE-2018-19478: In Artifex Ghostscript before 9↗2019-01-02

▶

📋Vendor Advisories

Red Hat

ghostscript: Attempting to open a carefully crafted PDF file results in long-running computation (699856)↗2018-11-20

▶

Debian

CVE-2018-19478: ghostscript - In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an ...↗2018

▶

💬Community

Bugzilla

CVE-2018-19478 ghostscript: Attempting to open a carefully crafted PDF file results in long-running computation (699856) [fedora-all]↗2018-12-05

▶

Bugzilla

CVE-2018-19478 ghostscript: Attempting to open a carefully crafted PDF file results in long-running computation (699856)↗2018-12-03

▶