Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 655404 (CVE-2018-10194) - <app-text/ghostscript-gpl-9.25: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c (CVE-2018-10194)
Summary: <app-text/ghostscript-gpl-9.25: Stack-based out-of-bounds write in pdf_set_te...
Alias: CVE-2018-10194
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa+ cve]
Depends on: CVE-2017-9610, CVE-2017-9611, CVE-2017-9612, CVE-2017-9618, CVE-2017-9619, CVE-2017-9620, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739, CVE-2017-9740, CVE-2017-9835
  Show dependency tree
Reported: 2018-05-10 15:59 UTC by Ian Zimmerman
Modified: 2018-11-24 19:49 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Ian Zimmerman 2018-05-10 15:59:34 UTC
According to this posting [1] in oss-security:

The set_text_distance function in devices/vector/gdevpdts.c in the
pdfwrite component in Artifex Ghostscript through 9.22 does not prevent
overflows in text-positioning calculation, which allows remote attackers
to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted PDF document.

Upstream bug is in [2], but not publicly accessible, it seems.


Comment 1 Teika kazura 2018-09-20 23:51:42 UTC
This upstream commit [1] fixes this bug (i.e. upstream 699255), which is included in 9.25.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2018-11-24 19:49:36 UTC
This issue was resolved and addressed in
 GLSA 201811-12 at
by GLSA coordinator Aaron Bauman (b-man).