CVE-2018-16510: Buffer Overflow
First published: Wed Sep 05 2018(Updated: )
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Ghostscript | <9.24 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Artifex Gpl Ghostscript | <9.26 | |
| debian/ghostscript | 9.53.3~dfsg-7+deb11u7 10.0.0~dfsg-11+deb12u4 10.0.0~dfsg-11+deb12u5 10.03.1~dfsg-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
- http://openwall.com/lists/oss-security/2018/08/27/4
- https://bugs.ghostscript.com/show_bug.cgi?id=699671
- https://security.gentoo.org/glsa/201811-12
- https://usn.ubuntu.com/3768-1/
- https://usn.ubuntu.com/3773-1/
- https://launchpad.net/bugs/cve/CVE-2018-16510
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
- https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
- https://security-tracker.debian.org/tracker/CVE-2018-16510
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16510
- https://nvd.nist.gov/vuln/detail/CVE-2018-16510
- https://ubuntu.com/security/CVE-2018-16510
Frequently Asked Questions
What is CVE-2018-16510?
CVE-2018-16510 is a vulnerability in Artifex Ghostscript that allows remote attackers to crash the interpreter or potentially have other unspecified impacts.
What is the severity of CVE-2018-16510?
CVE-2018-16510 has a severity rating of 7.8 (high).
How does CVE-2018-16510 affect Artifex Ghostscript?
CVE-2018-16510 affects Artifex Ghostscript versions before 9.24.
What is the recommended remedy for CVE-2018-16510 on Debian systems?
The recommended remedy for CVE-2018-16510 on Debian systems is to update to version 9.27~dfsg-2+deb10u5 or later.
What is the recommended remedy for CVE-2018-16510 on Ubuntu systems?
The recommended remedy for CVE-2018-16510 on Ubuntu systems is to update to version 9.22~dfsg+1-0ubuntu1.2 or later.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/artifex
- canonical/artifex ghostscript
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- canonical/artifex gpl ghostscript
- package-manager/debian