CVE-2018-19134 - Incorrect Type Conversion or Cast

Severity

68%

Complexity

86%

Confidentiality

106%

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.

CVSS 3.0 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 6 years ago

2018-12-20 23:29:00

Last updated 6 years ago

2019-01-11 15:54:00

Affected Software

Artifex Ghostscript

Debian Linux 8.0 (Jessie)

8.0

RedHat Enterprise Linux Desktop 7.0

7.0

RedHat Enterprise Linux Server 7.0

7.0

Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6

7.6

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6

7.6

RedHat Enterprise Linux Workstation 7.0

7.0

References

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf

Patch, Third Party Advisory

[debian-lts-announce] 20181227 [SECURITY] [DLA 1620-1] ghostscript security update

Third Party Advisory

https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf

Exploit, Third Party Advisory

https://www.ghostscript.com/doc/9.26/News.htm

Release Notes

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.