CESA-2018:2918 -- centos 7 ghostscript
ID: oval:org.secpod.oval:def:204890 | Date: (C)2018-10-17 (M)2024-05-22 | Class: PATCH | Family: unix
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix:

* It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document.
* ghostscript: LockDistillerParams type confusion
* ghostscript: .definemodifiedfont memory corruption if /typecheck is handled
* ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c

For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.

Red Hat would like to thank Tavis Ormandy for reporting CVE-2018-16509, CVE-2018-15910, and CVE-2018-16542.