** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24.
The .setdistillerkeys PostScript command is accepted even though it is not
intended for use during document processing (e.g., after the startup
phase). This leads to memory corruption, allowing remote attackers able to
supply crafted PostScript to crash the interpreter or possibly have
unspecified other impact. Note: A reputable source believes that the CVE is
potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla
mdeslaurlooks like these two commits were actually in 9.22
3rd and 4th commits fix a regression
More Information

Updated: 2020-07-28 20:04:16 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)