CVE-2018-19134
ghostscript: Type confusion in setpattern (700141)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
En Artifex Ghostscript hasta la versión 9.25, el operador setpattern no validaba ciertos tipos correctamente. Un documento PostScript especialmente manipulado podría explotar esto para provocar el cierre inesperado de Ghostscript o ejecutar código arbitrario en el contexto del proceso Ghostscript. Este es un problema de confusión de tipos debido al error a la hora de comprobar si la implementación de un diccionario de patrones era un tipo de estructura.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-09 CVE Reserved
- 2018-12-18 CVE Published
- 2024-05-12 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-704: Incorrect Type Conversion or Cast
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=693baf02152119af6e6afd30bb8ec76d14f84bbf | X_refsource_confirm | |
| http://www.securityfocus.com/bid/106278 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html | Mailing List |
|
| https://www.ghostscript.com/doc/9.26/News.htm | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:3834 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2018-19134 | 2018-12-17 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1655599 | 2018-12-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Artifex Search vendor "Artifex" | Ghostscript Search vendor "Artifex" for product "Ghostscript" | <= 9.25 Search vendor "Artifex" for product "Ghostscript" and version " <= 9.25" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||