CVE-2018-16513
Description
Artifex Ghostscript before 9.24 has a type confusion in the setcolor function, allowing crafted PostScript files to crash the interpreter or cause other unspecified impacts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A type confusion vulnerability exists in the setcolor function of Artifex Ghostscript prior to version 9.24 [1][3]. This issue occurs when processing specially crafted PostScript files, where the interpreter fails to properly validate object types, leading to undefined behavior [1][3]. All versions before 9.24 are affected [1].
Exploitation
An attacker with the ability to supply a malicious PostScript file can trigger this vulnerability by invoking the setcolor function with crafted arguments that exploit the type confusion [1][3]. No special privileges or authentication beyond the ability to deliver the file are required; the victim would need to open or process the file using a vulnerable Ghostscript instance [3].
Impact
Successful exploitation can cause a denial of service through an interpreter crash [1]. The original description also notes "unspecified other impact," and subsequent references indicate that arbitrary code execution may be possible under certain conditions [1][3]. The attacker could potentially execute arbitrary code with the privileges of the process running Ghostscript [3].
Mitigation
Artifex fixed the issue in Ghostscript version 9.24, released on 2018-09-05 [1]. All users should upgrade to version 9.24 or later [1][3]. Gentoo Linux users can update to version 9.26 as recommended in GLSA 201811-12 [3]. No workaround exists for unpatched versions [3].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (22)
- Range: <9.24
- osv-coords (21 versions):
- pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed (no CPE), range: < 9.54.0-2.2
- pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%204 (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 (no CPE), range: < 9.25-3.6.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20OpenStack%20Cloud%207 (no CPE), range: < 9.25-23.13.1
- pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 (no CPE), range: < 8.62-32.47.13.1
- pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS (no CPE), range: < 8.62-32.47.13.1
- pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE), range: < 8.62-32.47.13.1
- pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 8.62-32.47.13.1
- pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 8.62-32.47.13.1
- pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 8.62-32.47.13.1
- pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 (no CPE), range: < 0.2.8-3.2.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (9)
- security.gentoo.org/glsa/201811-12 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3768-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2018/dsa-4288 (mitre, vendor-advisory, x_refsource_DEBIAN)
- git.ghostscript.com (mitre, x_refsource_MISC)
- bugs.ghostscript.com/show_bug.cgi (mitre, x_refsource_MISC)
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 (mitre, x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2018/09/msg00015.html (mitre, mailing-list, x_refsource_MLIST)
- support.f5.com/csp/article/K22141757 (mitre, x_refsource_CONFIRM)
- www.artifex.com/news/ghostscript-security-resolved/ (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.