In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
The product does not correctly convert an object, resource, or structure from one type to a different type.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
Debian_linux | Debian | 9.0 (including) | 9.0 (including) |