CVE-2018-16585

Priority
Description
An issue was discovered in Artifex Ghostscript before 9.24. The
.setdistillerkeys PostScript command is accepted even though it is not
intended for use during document processing (e.g., after the startup
phase). This leads to memory corruption, allowing remote attackers able to
supply crafted PostScript to crash the interpreter or possibly have
unspecified other impact.
Notes
 mdeslaur> looks like these two commits were actually in 9.22
 mdeslaur> 3rd and 4th commits fix a regression
More Information

Updated: 2019-01-14 22:31:30 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)