Detections
Analytics
Alpine: multiple ghostscript packages: security update to 9.24-r0
high Tenable Self-Hosted Container Security Plugin ID 423931
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to
bypass .tempfile restrictions and write files. (CVE-2018-15908)
- In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used
by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
(CVE-2018-15909)
- In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type
confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (CVE-2018-15910)
- In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use
uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute
code. (CVE-2018-15911)
See Also
https://security.alpinelinux.org/vuln/CVE-2018-15908
https://security.alpinelinux.org/vuln/CVE-2018-15909
Plugin Details
Severity: High
ID: 423931
Version: Revision 1.7
Type: Local
Published: 4/4/2025
Updated: 5/30/2025
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2018-15911
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 8/21/2018
Reference Information
CVE: CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911