漏洞标题
N/A
漏洞描述信息
**争议性** 在9.24之前,Artifex Ghostscript发现了一个问题。尽管.setdistillerkeys PostScript命令不被设计用于文档处理过程中(例如,在启动阶段后),但仍然被接受。这导致内存 corruption,使远程攻击者能够生成特定的 PostScript并崩溃解释器,或者可能产生未描述的其他影响。注意:一位可靠的来源认为,CVE可能是CVE-2018-15910的副本,正如Red Hat bugzilla(https://bugzilla.redhat.com/show_bug.cgi?id=1626193)中所述。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Artifex Software Ghostscript 缓冲区错误漏洞
漏洞描述信息
Artifex Software Ghostscript是美国Artifex Software公司的一款开源的PostScript(一种用于电子产业和桌面出版领域的页面描述语言和编程语言)解析器。该产品可显示Postscript文件以及在非Postscript打印机上打印Postscript文件。 Artifex Ghostscript 9.24之前版本中存在缓冲区错误漏洞,该漏洞源于在处理文档时,程序接收了本不应该使用的.setdistillerkeys PostScript命令。远程攻击者可通过提交特
CVSS信息
N/A
漏洞类别
缓冲区错误