CVE-2018-19134

CVSS v3 Score: 7.8 (High)
CVSS v2 Score: 6.8 (Medium)

Vulnerability Description

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.

CVSS:7.8(High)

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows rem...

CVSS:7.8(High)

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.

CVSS:7.8(High)

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.

CVSS:7.8(High)

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context...

CVSS:7.8(High)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users ...

CVSS:7.8(High)

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript...