CVE-2018-10194

Опубликовано: 20 апр. 2018

Источник: redhat

CVSS3: 7

EPSS Низкий

Описание

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

Отчет

Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Меры по смягчению последствий

Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	ghostscript	Will not fix
Red Hat Enterprise Linux 6	ghostscript	Will not fix
Red Hat Enterprise Linux 8	ghostscript	Not affected
Red Hat Enterprise Linux 7	ghostscript	Fixed	RHSA-2018:2918	16.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1569108ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c

EPSS

Процентиль: 70%

0.00648

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2018-10194

CVSS3: 7.8

ubuntu

больше 7 лет назад

CVE-2018-10194

CVSS3: 7.8

nvd

больше 7 лет назад

CVE-2018-10194

CVSS3: 7.8

debian

больше 7 лет назад

The set_text_distance function in devices/vector/gdevpdts.c in the pdf ...

openSUSE-SU-2018:1909-1

suse-cvrf

больше 7 лет назад

Security update for ghostscript

openSUSE-SU-2018:1348-1

suse-cvrf

больше 7 лет назад

Security update for ghostscript

EPSS

Процентиль: 70%

0.00648

Низкий

7 High

CVSS3