Base Score

HIGH8.6

CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

VectorLOCAL

Published Bycve@mitre.org

Published DateOct 19, 2018, 22:29

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b
http://www.openwall.com/lists/oss-security/2018/10/16/2
http://www.securityfocus.com/bid/107451
https://access.redhat.com/errata/RHSA-2018:3834
https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
https://bugs.ghostscript.com/show_bug.cgi?id=699963
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html
https://security.gentoo.org/glsa/201811-12
https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/3803-1/
https://www.debian.org/security/2018/dsa-4336

Base Score

HIGH8.6

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH