Published: 18/04/2018 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript up to and including 9.22 does not prevent overflows in text-positioning calculation, which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex ghostscript
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10
canonical ubuntu linux 18.04
debian debian linux 7.0
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux server eus 7.5
redhat enterprise linux server eus 7.7
redhat enterprise linux server aus 7.7
redhat enterprise linux server tus 7.7

Synopsis Important: ghostscript security update Type/Severity Security Advisory: Important Topic An update for ghostscript is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...

Several security issues were fixed in Ghostscript ...

Debian Bug report logs - #896069 ghostscript: CVE-2018-10194: Buffer overflow on pprintg1 due to mishandle postscript file data to pdf Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 19 ...

Debian Bug report logs - #860869 ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 21 Apr 2017 06:3 ...

The set_text_distance function in devices/vector/gdevpdtsc in the pdfwrite component in Artifex Ghostscript through 922 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (CVE-2018-10194) ...

The set_text_distance function in devices/vector/gdevpdtsc in the pdfwrite component in Artifex Ghostscript through 922 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document ...

CWE-119 https://bugs.ghostscript.com/show_bug.cgi?id=699255 http://www.securitytracker.com/id/1040729 https://lists.debian.org/debian-lts-announce/2018/04/msg00028.html https://usn.ubuntu.com/3636-1/https://access.redhat.com/errata/RHSA-2018:2918 https://security.gentoo.org/glsa/201811-12 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=39b1e54b2968620723bf32e96764c88797714879 https://access.redhat.com/errata/RHSA-2018:2918 https://usn.ubuntu.com/3636-1/https://nvd.nist.gov

CVE-2018-10194

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect