Unrated severityNVD Advisory· Published Dec 20, 2018· Updated Aug 5, 2024
CVE-2018-19134
CVE-2018-19134
Description
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=9.25+ 1 more
- (no CPE)range: <=9.25
- (no CPE)range: <=9.25
Patches
Vulnerability mechanics
References
7- access.redhat.com/errata/RHSA-2018:3834mitrevendor-advisoryx_refsource_REDHAT
- git.ghostscript.commitrex_refsource_CONFIRM
- www.securityfocus.com/bid/106278mitrevdb-entryx_refsource_BID
- bugs.ghostscript.com/show_bug.cgimitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2018/12/msg00019.htmlmitremailing-listx_refsource_MLIST
- semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdfmitrex_refsource_MISC
- www.ghostscript.com/doc/9.26/News.htmmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.