An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2018/08/27/4 | Issue Tracking Mailing List Patch Third Party Advisory |
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9 | Third Party Advisory |
https://bugs.ghostscript.com/show_bug.cgi?id=699671 | Issue Tracking Permissions Required |
https://usn.ubuntu.com/3768-1/ | Third Party Advisory |
https://usn.ubuntu.com/3773-1/ | Third Party Advisory |
https://security.gentoo.org/glsa/201811-12 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2018-09-04 23:29
Updated : 2019-03-11 09:45
NVD link : CVE-2018-16510
Mitre link : CVE-2018-16510
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
canonical
- ubuntu_linux
artifex
- ghostscript
- gpl_ghostscript