CVE-2018-16585 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ghostscript
Severity
7.8HIGHNVD
EPSS
0.5%
top 34.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 6
Latest updateMay 13
Description
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (h…
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04