CVE-2018-16542: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error…

medium5.5CVSS 3.0

AVLACLPRNUIRSUCNINAH

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
artifex	ghostscript	< 9.24	9.24
artifex	ghostscript	>= 0 < 9.22~dfsg-3	9.22~dfsg-3
artifex	ghostscript	>= 0 < 9.22~dfsg-3	9.22~dfsg-3
artifex	ghostscript	>= 0 < 9.22~dfsg-3	9.22~dfsg-3
artifex	ghostscript	>= 0 < 9.22~dfsg-3	9.22~dfsg-3
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	ghostscript	< ghostscript 9.22~dfsg-3 (bookworm)	ghostscript 9.22~dfsg-3 (bookworm)
redhat	enterprise_linux	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_workstation	—	—

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

osv5.5MEDIUM