An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in ztype could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
Weakness
The product does not correctly convert an object, resource, or structure from one type to a different type.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
| Debian_linux | Debian | 9.0 (including) | 9.0 (including) |
| Red Hat Enterprise Linux 7 | RedHat | ghostscript-0:9.07-31.el7_6.1 | * |
| Ghostscript | Ubuntu | bionic | * |
| Ghostscript | Ubuntu | devel | * |
| Ghostscript | Ubuntu | esm-infra/bionic | * |
| Ghostscript | Ubuntu | esm-infra/xenial | * |
| Ghostscript | Ubuntu | trusty | * |
| Ghostscript | Ubuntu | upstream | * |
| Ghostscript | Ubuntu | xenial | * |
References
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0edd3d6c634a577db261615a9dc2719bca7f6e01
- http://seclists.org/oss-sec/2018/q3/182
- https://access.redhat.com/errata/RHSA-2018:3650
- https://bugs.ghostscript.com/show_bug.cgi?id=699659
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://security.gentoo.org/glsa/201811-12
- https://usn.ubuntu.com/3768-1/
- https://www.artifex.com/news/ghostscript-security-resolved/
- https://www.debian.org/security/2018/dsa-4288
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0edd3d6c634a577db261615a9dc2719bca7f6e01
- http://seclists.org/oss-sec/2018/q3/182
- https://access.redhat.com/errata/RHSA-2018:3650
- https://bugs.ghostscript.com/show_bug.cgi?id=699659
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
- https://security.gentoo.org/glsa/201811-12
- https://usn.ubuntu.com/3768-1/
- https://www.artifex.com/news/ghostscript-security-resolved/
- https://www.debian.org/security/2018/dsa-4288