CVE-2018-19134

Published: Dec 20, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.

Affected (7)

Products: Artifex: Ghostscript · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation

1 product

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Up to 9.25

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

References (14)

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=693baf02152119af6e6afd30bb8ec76d14f84bbf

Source: cve@mitre.org

http://www.securityfocus.com/bid/106278

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3834

Source: cve@mitre.org

Third Party Advisory

https://bugs.ghostscript.com/show_bug.cgi?id=700141

Source: cve@mitre.org

Issue TrackingPermissions RequiredThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html

Source: cve@mitre.org

Third Party Advisory

https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.ghostscript.com/doc/9.26/News.htm

Source: cve@mitre.org

Release Notes

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=693baf02152119af6e6afd30bb8ec76d14f84bbf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/106278

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3834

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.ghostscript.com/show_bug.cgi?id=700141

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.ghostscript.com/doc/9.26/News.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.