CVE-2018-16510

Sažetak

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.

Reference

http://openwall.com/lists/oss-security/2018/08/27/4
https://bugs.ghostscript.com/show_bug.cgi?id=699671
https://usn.ubuntu.com/3768-1/
https://usn.ubuntu.com/3773-1/
https://security.gentoo.org/glsa/201811-12
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ea735ba37dc0fd5f5622d031830b9a559dec1cc9

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-11-2023 - 02:53

Objavljeno

05-09-2018 - 06:29