CVE-2018-19478

Name: CVE-2018-19478
Creator: NVD / NIST
Published: 2019-01-02T18:29:01.123+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.89%

Last modified Jun 17, 2026

CVE-2018-19478 is a vulnerability of currently unknown severity. In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.. EPSS estimates a 1.89% chance of exploitation in the next 30 days.

Description

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.

Metrics

EPSS Probability

1.89%

76.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Artifex	Ghostscript	< 9.26
Debian	Debian Linux	8.0

References

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=0a7e5a1c309fa0911b892fa40996a7d55d90bace
http://www.securityfocus.com/bid/106445Third Party Advisory, VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=699856Issue Tracking, Permissions Required, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1655607Issue Tracking, Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/12/msg00019.htmlThird Party Advisory
https://www.ghostscript.com/doc/9.26/History9.htmRelease Notes
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=0a7e5a1c309fa0911b892fa40996a7d55d90bace
http://www.securityfocus.com/bid/106445Third Party Advisory, VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=699856Issue Tracking, Permissions Required, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1655607Issue Tracking, Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/12/msg00019.htmlThird Party Advisory
https://www.ghostscript.com/doc/9.26/History9.htmRelease Notes

Timeline

Published: Jan 2, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-19478?

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.

How severe is CVE-2018-19478?

Severity scoring for CVE-2018-19478 is pending analysis. The EPSS model estimates a 1.89% probability of exploitation in the next 30 days.

How do I fix CVE-2018-19478?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-19478?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST