CVE-2018-19134: Incorrect Type Cast
First published: Mon Dec 03 2018(Updated: )
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Ghostscript | <=9.25 | |
| Debian Debian Linux | =8.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| redhat/ghostscript | <9.26 | 9.26 |
| debian/ghostscript | 9.27~dfsg-2+deb10u5 9.27~dfsg-2+deb10u9 9.53.3~dfsg-7+deb11u6 9.53.3~dfsg-7+deb11u5 10.0.0~dfsg-11+deb12u2 10.0.0~dfsg-11+deb12u3 10.02.1~dfsg-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf
- http://www.securityfocus.com/bid/106278
- https://access.redhat.com/errata/RHSA-2018:3834
- https://bugs.ghostscript.com/show_bug.cgi?id=700141
- https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html
- https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf
- https://www.ghostscript.com/doc/9.26/News.htm
- http://git.ghostscript.com/?p=ghostpdl.git;a=blob;f=psi/zcolor.c;h=74b428801eda5c75d70cf55e88c407484b554527;hb=5a4fec2a34af925993192e197ab666fe542b79d3#l292
- http://git.ghostscript.com/?p=ghostpdl.git;a=blob;f=psi/zcolor.c;h=74b428801eda5c75d70cf55e88c407484b554527;hb=5a4fec2a34af925993192e197ab666fe542b79d3#l289
- http://git.ghostscript.com/?p=ghostpdl.git;a=blob;f=psi/zcolor.c;h=74b428801eda5c75d70cf55e88c407484b554527;hb=5a4fec2a34af925993192e197ab666fe542b79d3#l286
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1656320
- https://access.redhat.com/security/cve/CVE-2018-16509
- https://access.redhat.com/security/cve/cve-2018-16509
- https://access.redhat.com/security/cve/CVE-2018-19134
- http://git.ghostscript.com/?p=ghostpdl.git;h=693baf02152119af6e6afd30bb8ec76d14f84bbf
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi?id=1655599
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072
- https://security-tracker.debian.org/tracker/CVE-2018-19134
Frequently Asked Questions
What is CVE-2018-19134?
CVE-2018-19134 is a vulnerability in Artifex Ghostscript through 9.25 that allows a specially crafted PostScript document to execute arbitrary code or crash Ghostscript.
How can the setpattern operator in Artifex Ghostscript be exploited?
The setpattern operator in Artifex Ghostscript through 9.25 can be exploited by a specially crafted PostScript document to crash Ghostscript or execute arbitrary code in the context of the Ghostscript process.
What is the severity of CVE-2018-19134?
CVE-2018-19134 has a severity score of 7.8, indicating a high severity.
Which software versions are affected by CVE-2018-19134?
Artifex Ghostscript through 9.25 is affected by CVE-2018-19134.
How can I mitigate the vulnerability in Artifex Ghostscript?
To mitigate the vulnerability in Artifex Ghostscript, update to version 9.27~dfsg-2+deb10u5 or later.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-19134
- agent/software-canonical-lookup
- collector/security-tracker-debian
- vendor/artifex
- canonical/artifex ghostscript
- version/artifex ghostscript/9.25
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- package-manager/redhat
- package-manager/debian