Project

General

Profile

Bug #9383

Bug #9381: ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)

[3.8] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)

Added by Alicha CH 8 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
09/04/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript
through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted PDF document.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-10194
http://www.openwall.com/lists/oss-security/2018/04/19/5

Patch:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879

CVE-2018-15908: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious
PostScript files to bypass .tempfile restrictions and write files.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-15908

Patch:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3

CVE-2018-15909: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by
attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-15909

Patches:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6

CVE-2018-15910: In Artifex Ghostscript 9.23 before 2018-08-23, attackers able to supply crafted PostScript files
could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-15910

Patch:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880

CVE-2018-15911: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized
memory access in the aesdecode operator to crash the interpreter or potentially execute code.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-15911

Patch:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f

Associated revisions

Revision 5e753b12 (diff)
Added by Andy Postnikov 7 months ago

main/ghostscript: security upgrade to 9.24

CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911
CVE-2018-10194

fixes #9383

(cherry picked from commit c13758613f3110e14c2e9eda818406f235d996c1)

History

#1 Updated by Andy Postnikov 7 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 7 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)

Also available in: Atom PDF