Ghostscript is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code or crash the affected application, resulting in denial-of-service conditions.
Information
Red Hat Enterprise Linux 5
Ghostscript Ghostscript 8.15.2
Ghostscript Ghostscript 8.0.1
Ghostscript Ghostscript 9.24
Ghostscript Ghostscript 9.23
Ghostscript Ghostscript 9.20
Ghostscript Ghostscript 9.19
Ghostscript Ghostscript 9.18
Ghostscript Ghostscript 9.10
Ghostscript Ghostscript 9.05
Ghostscript Ghostscript 9.04
Ghostscript Ghostscript 8.71
Ghostscript Ghostscript 8.70
Ghostscript Ghostscript 8.64
Ghostscript Ghostscript 8.61
Ghostscript Ghostscript 8.60
Ghostscript Ghostscript 8.57
Ghostscript Ghostscript 8.56
Ghostscript Ghostscript 8.54
Ghostscript Ghostscript 8.15
Ghostscript Ghostscript 8 64
Ghostscript Ghostscript 7.07
Ghostscript Ghostscript 7.05
Artifex Ghostscript 9.25
Artifex Ghostscript 9.22
Artifex Ghostscript 9.21
Exploit
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
References:
- Bug 1655599 (CVE-2018-19134) - CVE-2018-19134 ghostscript: Type confusion in set (Red Hat Bugzilla)
- CVE-2018-19134 (Red Hat Bugzilla)
- Ghostscript Homepage (Ghostscript)
- PS interpreter - check the Implementation of a Pattern before use (Ghostscript)
- Vulnerabilities in Ghostscript Interpreter Used to Process Postscript and PDF Fi (Semmle)