In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-20T22:00:00

Updated: 2024-08-05T11:30:03.970Z

Reserved: 2018-11-09T00:00:00

Link: CVE-2018-19134

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-20T23:29:00.910

Modified: 2024-11-21T03:57:23.853

Link: CVE-2018-19134

cve-icon Redhat

Severity : Important

Publid Date: 2018-11-20T00:00:00Z

Links: CVE-2018-19134 - Bugzilla