Incorrect Type Conversion or Cast

CVE-2018-19134

High

7.8/10

Summary

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-704 - Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

References

Advisory Timeline

Published Dec 20, 2018

Incorrect Type Conversion or Cast

CVE-2018-19134

Summary

CWE-704 - Incorrect Type Conversion or Cast

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS