In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
The product does not correctly convert an object, resource, or structure from one type to a different type.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ghostscript | Artifex | * | 9.25 (including) |
| Ghostscript | Ubuntu | bionic | * |
| Ghostscript | Ubuntu | cosmic | * |
| Ghostscript | Ubuntu | devel | * |
| Ghostscript | Ubuntu | trusty | * |
| Ghostscript | Ubuntu | upstream | * |
| Ghostscript | Ubuntu | xenial | * |
| Red Hat Enterprise Linux 7 | RedHat | ghostscript-0:9.07-31.el7_6.6 | * |