CVE Vulnerabilities

CVE-2018-15910

Incorrect Type Conversion or Cast

Published: Aug 27, 2018 | Modified: Nov 05, 2019
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
7.3 IMPORTANT
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Ubuntu

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

Weakness

The software does not correctly convert an object, resource, or structure from one type to a different type.

Affected Software

Name Vendor Start Version End Version
Debian_linux Debian 8.0 8.0
Debian_linux Debian 9.0 9.0
Red Hat Enterprise Linux 7 RedHat ghostscript-0:9.07-29.el7_5.2 *
Ghostscript Ubuntu bionic *
Ghostscript Ubuntu devel *
Ghostscript Ubuntu esm-infra/xenial *
Ghostscript Ubuntu trusty *
Ghostscript Ubuntu upstream *
Ghostscript Ubuntu xenial *

References