CVE-2018-16510
HIGH
Ghostscript < 9.24 - Denial of Service via Incorrect Exec Stack Handling in PDF Primitives
Title source: llm
Description
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.
References (6)
Core References
Issue Tracking, Mailing List, Patch, Third Party Advisory x_refsource_misc
http://openwall.com/lists/oss-security/2018/08/27/4
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201811-12
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3768-1/
Patch x_refsource_misc
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3773-1/
Issue Tracking, Permissions Required x_refsource_misc
https://bugs.ghostscript.com/show_bug.cgi?id=699671
Scores
CVSS v3: 7.8
EPSS: 0.0022
EPSS Percentile: 44.8%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (5)
artifex/ghostscript: < 9.24
artifex/gpl_ghostscript: < 9.26
canonical/ubuntu_linux: 14.04
canonical/ubuntu_linux: 16.04
canonical/ubuntu_linux: 18.04
Published: Sep 05, 2018
Tracked Since: Feb 18, 2026