CVE-2018-16510 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ghostscript

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation10 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 55.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Artifex GPL Ghostscript Canonical Ubuntu Linux

Timeline

PublishedSep 5

Latest updateMay 14

Description

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDartifex/ghostscript< 9.24

▶NVDartifex/gpl_ghostscript< 9.26

▶Debianartifex/ghostscript< 9.25~dfsg-1+3

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-7w4r-gf9m-vhrq: An issue was discovered in Artifex Ghostscript before 9↗2022-05-14

▶

CVEList

CVE-2018-16510: An issue was discovered in Artifex Ghostscript before 9↗2018-09-05

▶

OSV

CVE-2018-16510: An issue was discovered in Artifex Ghostscript before 9↗2018-09-05

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2018-10-01

▶

Ubuntu

Ghostscript vulnerabilities↗2018-09-19

▶

Red Hat

ghostscript: Incorrect exec stack handling in the "CS" and "SC" PDF primitives (699671)↗2018-09-06

▶

Debian

CVE-2018-16510: ghostscript - An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack...↗2018

▶

💬Community

Bugzilla

CVE-2018-16510 ghostscript: Incorrect exec stack handling in the "CS" and "SC" PDF primitives (699671)↗2018-09-06

▶

Bugzilla

CVE-2018-16510 ghostscript: Incorrect exec stack handling in the "CS" and "SC" PDF primitives (699671) [fedora-all]↗2018-09-06

▶