CVE-2018-16510

high

Description

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.

References

https://usn.ubuntu.com/3773-1/

https://usn.ubuntu.com/3768-1/

https://security.gentoo.org/glsa/201811-12

https://bugs.ghostscript.com/show_bug.cgi?id=699671

http://openwall.com/lists/oss-security/2018/08/27/4

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ea735ba37dc0fd5f5622d031830b9a559dec1cc9

Details

Source: Mitre, NVD

Published: 2018-09-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High