** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24.
The .setdistillerkeys PostScript command is accepted even though it is not
intended for use during document processing (e.g., after the startup
phase). This leads to memory corruption, allowing remote attackers able to
supply crafted PostScript to crash the interpreter or possibly have
unspecified other impact. Note: A reputable source believes that the CVE is
potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla
mdeslaurlooks like these two commits were actually in 9.22
3rd and 4th commits fix a regression
More Information

Updated: 2020-01-29 20:02:30 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)