Base Score

CRITICAL9.8

CVE-2018-19409

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.

VectorNETWORK

Published Bycve@mitre.org

Published DateNov 21, 2018, 16:29

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://www.securityfocus.com/bid/105990
https://access.redhat.com/errata/RHSA-2018:3834
https://bugs.ghostscript.com/show_bug.cgi?id=700176
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f
https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html
https://security.gentoo.org/glsa/201811-12
https://usn.ubuntu.com/3831-1/
https://www.debian.org/security/2018/dsa-4346
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Base Score

CRITICAL9.8

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH