CVE-2018-19134
Severity (CVSS v4.0): Pending analysis
Type: CWE-704 (Incorrect Type Conversion or Cast)
Publication date: 20/12/2018
Last modified: 07/11/2023
Description
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue caused by a failure to check whether the Implementation entry of a pattern dictionary was a structure type.
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Base Score 2.0: 6.80
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* | | 9.25 (including) |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf
- http://www.securityfocus.com/bid/106278
- https://access.redhat.com/errata/RHSA-2018:3834
- https://bugs.ghostscript.com/show_bug.cgi?id=700141
- https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html
- https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
- https://www.ghostscript.com/doc/9.26/News.htm