CVE-2018-19409
Description
In Ghostscript before 9.26, LockSafetyParams is not properly checked when another device is used, allowing remote code execution via crafted PostScript/PDF files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A security issue exists in Artifex Ghostscript versions prior to 9.26 where the LockSafetyParams mechanism is not correctly validated when a different device is used [1]. This oversight allows a specially crafted PostScript file or PDF document to bypass safety restrictions designed to prevent dangerous operations.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious PostScript or PDF file that instructs Ghostscript to switch to a device where LockSafetyParams is not enforced [1][3]. The attacker does not require authentication but relies on the victim opening the crafted file with Ghostscript or an application that uses Ghostscript for processing.
Impact
Successful exploitation allows arbitrary code execution with the privileges of the Ghostscript process [3]. This can lead to full system compromise, including the ability to read, modify, or destroy data, and potentially gain further access to the system.
Mitigation
The vulnerability is fixed in Ghostscript version 9.26 [1][3]. Red Hat Enterprise Linux 7 ships ghostscript-9.07-31.el7_6.6 as a fix [1]. Gentoo users should upgrade to >=app-text/ghostscript-gpl-9.26 [3]. There is no known workaround; updating is essential.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 9.26
- OSV coordinates (36 package URLs, 35 version ranges):
  - pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/ghostscript&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/libspectre&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/libspectre&distro=SUSE%20OpenStack%20Cloud%207
- Distribution version ranges (no CPE), 35 entries:
  - range: < 9.54.0-2.2
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-3.9.4
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 9.26-23.16.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.8-3.4.3
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
  - range: < 0.2.7-12.4.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE: the mechanics section is only generated when we can read the actual fix diff. Without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- access.redhat.com/errata/RHSA-2018:3834 (mitre; vendor-advisory; x_refsource_REDHAT)
- security.gentoo.org/glsa/201811-12 (mitre; vendor-advisory; x_refsource_GENTOO)
- usn.ubuntu.com/3831-1/ (mitre; vendor-advisory; x_refsource_UBUNTU)
- www.debian.org/security/2018/dsa-4346 (mitre; vendor-advisory; x_refsource_DEBIAN)
- www.securityfocus.com/bid/105990 (mitre; vdb-entry; x_refsource_BID)
- bugs.ghostscript.com/show_bug.cgi (mitre; x_refsource_MISC)
- git.ghostscript.com (mitre; x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2018/11/msg00036.html (mitre; mailing-list; x_refsource_MLIST)
- www.ghostscript.com/doc/9.26/History9.htm (mitre; x_refsource_MISC)
News mentions
No linked articles in our index yet.