QwikSec

Security Database

CVE

CWE

Training

CVE-2018-19134

Published: Dec 20, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

https://bugs.ghostscript.com/show_bug.cgi?id=700141

x_refsource_CONFIRM

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=693baf02152119af6e6afd30bb8ec76d14f84bbf

x_refsource_CONFIRM

https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf

x_refsource_MISC

vdb-entry

x_refsource_BID

[debian-lts-announce] 20181227 [SECURITY] [DLA 1620-1] ghostscript security update

mailing-list

x_refsource_MLIST

https://www.ghostscript.com/doc/9.26/News.htm

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.