UBUNTU-CVE-2018-19134
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 20 Dec 2018, 23:29
Last modified:22 Apr 2026, 11:49
Vulnerability Summary
Overall Risk (default)
medium
31/100 CVSS Score
7.8 HIGH
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 Dec 2018, 23:29
Published
Vulnerability first disclosed
22 Apr 2026, 11:49
Last Modified
Vulnerability information updated
Description
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
CVSS Metrics
- v3.0•HIGH•Score: 7.8CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Systems
- ubuntu•ghostscript
< 9.26~dfsg+0-0ubuntu0.14.04.1 | < 9.26~dfsg+0-0ubuntu0.16.04.1 | < 9.26~dfsg+0-0ubuntu0.18.04.1