Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699255

Hi,

The following vulnerability was published for ghostscript.

CVE-2018-10194[0]:
| The set_text_distance function in devices/vector/gdevpdts.c in the
| pdfwrite component in Artifex Ghostscript through 9.22 does not prevent
| overflows in text-positioning calculation, which allows remote
| attackers to cause a denial of service (application crash) or possibly
| have unspecified other impact via a crafted PDF document.

Unfortunately the upstream report at [1] is not (yet) public, but the
commit upstream report association is given by the commit at [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10194
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10194
[1] https://bugs.ghostscript.com/show_bug.cgi?id=699255
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879

Regards,
Salvatore