SUSE-SU-2018:3330-1 -- SLES ghostscriptID: oval:org.secpod.oval:def:89002407 | Date: (C)2021-02-26 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in quot;ztypequot; could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. - CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. - CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. - CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. - CVE-2018-16509: Incorrect quot;restoration of privilegequot; checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the quot;pipequot; instruction
Platform: |
SUSE Linux Enterprise Server 11 SP4 |