Vulnerability Name: | CVE-2018-19478 (CCN-155085) | ||||||||||||||||||||||||||||||||
Assigned: | 2018-11-20 | ||||||||||||||||||||||||||||||||
Published: | 2018-11-20 | ||||||||||||||||||||||||||||||||
Updated: | 2019-01-11 | ||||||||||||||||||||||||||||||||
Summary: | In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-20 | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-19478 Source: CCN Type: Ghostscript GIT Repository PDF interpreter - limit page tree recusrsion checking Source: CONFIRM Type: Patch, Third Party Advisory http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace Source: BID Type: Third Party Advisory, VDB Entry 106445 Source: CONFIRM Type: Issue Tracking, Permissions Required, Third Party Advisory https://bugs.ghostscript.com/show_bug.cgi?id=699856 Source: CCN Type: Red Hat Bugzilla Bug 1655607 (CVE-2018-19478) - CVE-2018-19478 ghostscript: Attempting to open a carefully crafted PDF file results in long-running computation Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1655607 Source: XF Type: UNKNOWN ghostscript-cve201819478-dos(155085) Source: MLIST Type: Third Party Advisory [debian-lts-announce] 20181227 [SECURITY] [DLA 1620-1] ghostscript security update Source: CCN Type: Ghostscript Web site Version 9.26 (2018-11-20) Source: CONFIRM Type: Release Notes https://www.ghostscript.com/doc/9.26/History9.htm | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |