CVE-2018-16510

MEDIUM

Description

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.

References

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9

http://openwall.com/lists/oss-security/2018/08/27/4

https://bugs.ghostscript.com/show_bug.cgi?id=699671

https://security.gentoo.org/glsa/201811-12

https://usn.ubuntu.com/3768-1/

https://usn.ubuntu.com/3773-1/

Details

Source: MITRE

Published: 2018-09-05

Updated: 2019-03-11

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH