An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
References
Link | Resource |
---|---|
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=1497d65039885a52b598b137dd8622bd4672f9be | |
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=971472c83a345a16dac9f90f91258bb22dd77f22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1626193 | |
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html | Mailing List Third Party Advisory |
https://seclists.org/oss-sec/2018/q3/182 | Mailing List Patch Third Party Advisory |
https://security.gentoo.org/glsa/201811-12 | Third Party Advisory |
https://usn.ubuntu.com/3768-1/ | Third Party Advisory |
https://www.debian.org/security/2018/dsa-4288 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-06T13:00:00
Updated: 2019-10-09T20:59:43
Reserved: 2018-09-06T00:00:00
Link: CVE-2018-16585
JSON object: View
NVD Information
Status : Modified
Published: 2018-09-06T14:29:00.760
Modified: 2024-05-17T01:24:50.123
Link: CVE-2018-16585
JSON object: View
Redhat Information
No data.
CWE