Artifex Software Ghostscript .shfill Operator Type Confusion Code Execution VulnerabilityAugust 30, 2018 am31 2:19 am

A vulnerability in Artifex Software Ghostscript could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to the bypass of the -dSAFER option by the operations of the affected software. An attacker could exploit this vulnerability by submitting a crafted PostScript file to a targeted system. A successful exploit could cause a type confusion in the .shfill operator and allow the attacker to execute arbitrary code.

Artifex Software confirmed the vulnerability and released a software patch.

Security Impact Rating: High

CVE: CVE-2018-15909

%d bloggers like this: