PT-2018-1827 · Artifex+5 · Ghostscript+5

Vítor Hugo Silva · Published 2018-04-18 · Updated 2024-06-15 · CVE-2018-10194

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions through 9.22
Description: The issue is related to the set text distance function in the pdfwrite component, which does not prevent overflows in text-positioning calculation. This allows remote attackers to cause a denial of service, potentially leading to an application crash, via a crafted PDF document. The vulnerability may also have unspecified other impacts.
Recommendations: For versions through 9.22, consider disabling the set text distance function as a temporary workaround until a patch is available. Restrict access to the pdfwrite component to minimize the risk of exploitation. Avoid processing PDF documents from untrusted sources, which could be crafted to trigger the overflow in the text-positioning calculation, until the issue is resolved.

Fix

DoS

Buffer Overflow

Unchecked Return Value

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2344
BDU:2018-01428
CESA-2018_2918
CVE-2018-10194
DLA-1363-1
MGASA-2018-0219
OPENSUSE-SU-2018_1348-1
OPENSUSE-SU-2018_1909-1
OPENSUSE-SU-2024:10783-1
RHSA-2018:2918
RHSA-2018_2918
SUSE-SU-2018:1332-1
SUSE-SU-2018:1369-1
SUSE-SU-2018:1884-1
SUSE-SU-2018_1332-1
SUSE-SU-2018_1884-1
USN-3636-1

Affected Products

ALT Linux
CentOS
Ghostscript
Red Hat
SUSE
Ubuntu