rpm package
suse/libspectre&distro=SUSE Linux Enterprise Module for Desktop Applications 15
pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-15911 | — | < 0.2.8-3.2.1 | 0.2.8-3.2.1 | Aug 28, 2018 | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | ||
| CVE-2018-15910 | — | < 0.2.8-3.2.1 | 0.2.8-3.2.1 | Aug 27, 2018 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | ||
| CVE-2018-15909 | — | < 0.2.8-3.2.1 | 0.2.8-3.2.1 | Aug 27, 2018 | In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | ||
| CVE-2018-15908 | — | < 0.2.8-3.2.1 | 0.2.8-3.2.1 | Aug 27, 2018 | In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. |
- CVE-2018-15911Aug 28, 2018affected < 0.2.8-3.2.1fixed 0.2.8-3.2.1
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
- CVE-2018-15910Aug 27, 2018affected < 0.2.8-3.2.1fixed 0.2.8-3.2.1
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
- CVE-2018-15909Aug 27, 2018affected < 0.2.8-3.2.1fixed 0.2.8-3.2.1
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
- CVE-2018-15908Aug 27, 2018affected < 0.2.8-3.2.1fixed 0.2.8-3.2.1
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
Page 2 of 2