What is CVE-2018-19475?

CVE-2018-19475 is a vulnerability in N/a. Published 2018-11-23.

Is CVE-2018-19475 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-19475

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

EPSS: 0.653 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

DSA-4346 (vendor-advisory, x_refsource_DEBIAN)
RHSA-2019:0229 (x_refsource_REDHAT, vendor-advisory)
USN-3831-1 (x_refsource_UBUNTU, vendor-advisory)
git.ghostscript.com/ (x_refsource_MISC)
bugs.ghostscript.com/show_bug.cgi (x_refsource_MISC)
semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf (x_refsource_MISC)
106154 (vdb-entry, x_refsource_BID)
[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update (mailing-list, x_refsource_MLIST)
www.ghostscript.com/doc/9.26/History9.htm (x_refsource_MISC)
git.ghostscript.com/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-19475?: CVE-2018-19475 is a vulnerability in N/a. Published 2018-11-23.
Is CVE-2018-19475 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.