Описание
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 9.22~dfsg+1-0ubuntu1.1 |
| devel | not-affected | 9.23~dfsg+1-0ubuntu2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [9.10~dfsg-0ubuntu10.13]] |
| esm-infra/bionic | not-affected | 9.22~dfsg+1-0ubuntu1.1 |
| esm-infra/xenial | released | 9.18~dfsg~0-0ubuntu2.9 |
| precise/esm | DNE | |
| trusty | released | 9.10~dfsg-0ubuntu10.13 |
| trusty/esm | DNE | trusty was released [9.10~dfsg-0ubuntu10.13] |
| upstream | needs-triage | |
| xenial | released | 9.18~dfsg~0-0ubuntu2.9 |
Показывать по
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
An issue was discovered in Artifex Ghostscript before 9.24. The .setdi ...
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193).
Уязвимость реализации команды setdistillerkeys набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании
6.8 Medium
CVSS2
7.8 High
CVSS3