VDB
ALPINE-CVE-2018-15909
ALPINE-CVE-2018-15909
PUBLISHED
CVSS 7.800000190734863 HIGH
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
Risk Scores
CVSS 3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.7 | ghostscript | 9.21-r2, 0, 8.64-r0 |
| Alpine:v3.17 | ghostscript | 9.15-r0, 0, 8.64-r0 |
| Alpine:v3.8 | ghostscript | 9.10-r1, 9.10-r0, 9.09-r1 |
| Alpine:v3.9 | ghostscript | 8.70-r0, 9.22-r0, 9.21-r3 |
| Alpine:v3.19 | ghostscript | 9.16-r1, 9.16-r0, 9.15-r1 |
| Alpine:v3.5 | ghostscript | 9.06-r2, 9.09-r0, 9.07-r0 |
| Alpine:v3.13 | ghostscript | 8.71-r1, 0, 8.64-r0 |
| Alpine:v3.22 | ghostscript | 9.06-r1, 0, 8.64-r0 |
| Alpine:v3.10 | ghostscript | 9.10-r1, 9.15-r0, 9.15-r1 |
| Alpine:v3.20 | ghostscript | 9.10-r1, 9.10-r0, 9.09-r1 |
| Alpine:v3.11 | ghostscript | 9.10-r1, 9.22-r0, 9.21-r3 |
| Alpine:v3.14 | ghostscript | 0, 9.21-r3, 9.21-r2 |
| Alpine:v3.15 | ghostscript | 8.70-r0, 0, 8.64-r0 |
| Alpine:v3.21 | ghostscript | 9.22-r0, 0, 8.64-r0 |
| Alpine:v3.12 | ghostscript | 9.22-r0, 8.64-r0, 8.70-r0 |
| Alpine:v3.23 | ghostscript | 8.71-r4, 9.22-r0, 9.21-r3 |
| Alpine:v3.6 | ghostscript | 9.22-r0, 0, 8.64-r0 |
| Alpine:v3.16 | ghostscript | 9.00-r0, 9.22-r0, 9.21-r3 |
| Alpine:v3.18 | ghostscript | 9.15-r1, 9.16-r0, 9.16-r1 |
Timeline
- Aug 27, 2018 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch