In Artifex Ghostscript up to and including 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
artifex ghostscript |
||
debian debian linux 8.0 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server aus 7.6 |