Artifex Ghostscript is vulnerable to denial of service(DoS) attacks. This is because the ghostscript does not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
CPE | Name | Operator | Version |
---|---|---|---|
ghostscript | eq | 9.07__20.el7_3.1 | |
ghostscript | eq | 9.07__28.el7_4.2 | |
ghostscript | eq | 9.07__20.el7_3.1 | |
ghostscript | eq | 9.07__28.el7_4.2 |
git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
seclists.org/oss-sec/2018/q3/182
www.securityfocus.com/bid/105337
access.redhat.com/errata/RHSA-2018:2918
access.redhat.com/security/updates/classification/#important
bugs.ghostscript.com/show_bug.cgi?id=699668
lists.debian.org/debian-lts-announce/2018/09/msg00015.html
security.gentoo.org/glsa/201811-12
usn.ubuntu.com/3768-1/
www.debian.org/security/2018/dsa-4288