CVE-2018-16585 (retired)

Priority
Description
An issue was discovered in Artifex Ghostscript before 9.24. The
.setdistillerkeys PostScript command is accepted even though it is not
intended for use during document processing (e.g., after the startup
phase). This leads to memory corruption, allowing remote attackers able to
supply crafted PostScript to crash the interpreter or possibly have
unspecified other impact.
Notes
 mdeslaur> looks like these two commits were actually in 9.22
 mdeslaur> 3rd and 4th commits fix a regression
More Information

Updated: 2019-03-26 12:27:11 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)