Buffer overflow in Ghostscript - CVE-2018-16585
Published: September 6, 2018 / Updated: July 17, 2020
Vulnerability identifier: #VU31218
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-16585
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Artifex Software, Inc.
Affected software:
Ghostscript
Ghostscript
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193).
How to mitigate CVE-2018-16585
Install update from vendor's website.
Sources
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
- https://bugzilla.redhat.com/show_bug.cgi?id=1626193
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://seclists.org/oss-sec/2018/q3/182
- https://security.gentoo.org/glsa/201811-12
- https://usn.ubuntu.com/3768-1/
- https://www.debian.org/security/2018/dsa-4288