CVE-2018-10194 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ghostscript
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 29.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 18
Latest updateMay 14
Description
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages6 packages
Also affects: Debian Linux 7.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.7, 7.5