Bug 1118455 (CVE-2018-19134) - VUL-0: CVE-2018-19134: ghostscript,ghostscript-library: ghostscript: Type confusion in setpattern (700141)
Summary: VUL-0: CVE-2018-19134: ghostscript,ghostscript-library: ghostscript: Type con...
Status: RESOLVED FIXED
Alias: CVE-2018-19134
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/220128/
Whiteboard: CVSSv3:SUSE:CVE-2018-19134:7.3:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-05 10:06 UTC by Marcus Meissner
Modified: 2020-06-14 05:11 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 3 Johannes Meixner 2019-04-24 08:05:59 UTC
This is fixed in SLE12 and SLE15 since Ghostscript version upgrade to 9.26
but "CVE-2018-19134" is not mentioned in our ghostscript.changes file.
Comment 4 Marcus Meissner 2019-05-12 16:19:45 UTC
exploit description for code exec:
https://lgtm.com/blog/ghostscript_CVE-2018-19134_exploit
Comment 8 Marcus Meissner 2020-01-28 07:29:36 UTC
released