9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.973 High
EPSS
Percentile
99.9%
Debian Security Advisory DSA-4294-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
Package : ghostscript
CVE ID : CVE-2018-16509 CVE-2018-16802
Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an
interpreter for the PostScript language, which could result in the
execution of arbitrary code if a malformed Postscript file is processed
(despite the dSAFER sandbox being enabled).
For the stable distribution (stretch), these problems have been fixed in
version 9.20~dfsg-3.2+deb9u5.
We recommend that you upgrade your ghostscript packages.
For the detailed security status of ghostscript please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | armhf | ghostscript-dbg | < 9.06~dfsg-2+deb8u8 | ghostscript-dbg_9.06~dfsg-2+deb8u8_armhf.deb |
Debian | 9 | ppc64el | libgs9 | < 9.20~dfsg-3.2+deb9u5 | libgs9_9.20~dfsg-3.2+deb9u5_ppc64el.deb |
Debian | 9 | amd64 | ghostscript-dbg | < 9.20~dfsg-3.2+deb9u5 | ghostscript-dbg_9.20~dfsg-3.2+deb9u5_amd64.deb |
Debian | 9 | i386 | libgs-dev | < 9.20~dfsg-3.2+deb9u5 | libgs-dev_9.20~dfsg-3.2+deb9u5_i386.deb |
Debian | 8 | armhf | libgs-dev | < 9.06~dfsg-2+deb8u8 | libgs-dev_9.06~dfsg-2+deb8u8_armhf.deb |
Debian | 9 | mips64el | libgs-dev | < 9.20~dfsg-3.2+deb9u5 | libgs-dev_9.20~dfsg-3.2+deb9u5_mips64el.deb |
Debian | 9 | ppc64el | libgs-dev | < 9.20~dfsg-3.2+deb9u5 | libgs-dev_9.20~dfsg-3.2+deb9u5_ppc64el.deb |
Debian | 9 | mips64el | ghostscript-dbg | < 9.20~dfsg-3.2+deb9u5 | ghostscript-dbg_9.20~dfsg-3.2+deb9u5_mips64el.deb |
Debian | 9 | i386 | ghostscript-dbg | < 9.20~dfsg-3.2+deb9u5 | ghostscript-dbg_9.20~dfsg-3.2+deb9u5_i386.deb |
Debian | 8 | armel | ghostscript-x | < 9.06~dfsg-2+deb8u8 | ghostscript-x_9.06~dfsg-2+deb8u8_armel.deb |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.973 High
EPSS
Percentile
99.9%