PT-2018-1532 · Artifex · Ghostscript

Tavis Ormandy · Published 2018-02-21 · Updated 2024-08-05 · CVE-2018-15910

CVSS v2.0

10 (High)

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Artifex Ghostscript versions prior to 9.24

Description

The issue is a type confusion error in the LockDistillerParams parameter. An attacker who can supply a specially crafted PostScript file could exploit it to crash the interpreter or, potentially, execute arbitrary code remotely.

Recommendations

For versions prior to 9.24, update to version 9.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LockDistillerParams parameter until a patch is available.

Fix

Type Confusion

Weakness Enumeration

Incorrect Type Conversion or Cast

Related Identifiers

ALT-PU-2018-2799
BDU:2018-01087
CESA-2018_2918
CVE-2018-15910
DLA-1504-1
DSA-4288-1
MGASA-2018-0378
OPENSUSE-SU-2018_3036-1
OPENSUSE-SU-2018_3038-1
OPENSUSE-SU-2024:10783-1
RHSA-2018:2918
RHSA-2018_2918
SUSE-SU-2018:2975-1
SUSE-SU-2018:2975-2
SUSE-SU-2018:2975-3
SUSE-SU-2018:2976-1
SUSE-SU-2018:3330-1
USN-3768-1

Affected Products

Alt Linux
Centos
Ghostscript
Red Hat
Suse
Ubuntu