What is CVE-2018-16510?

CVE-2018-16510 is a high-severity vulnerability in Artifex Ghostscript, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2018-09-05.

How severe is CVE-2018-16510?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Artifex Ghostscript

CVE-2018-16510

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecifi…

Vulnerability class: Buffer Overflow

EPSS: 0.017 (74.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Artifex Ghostscript
Artifex Gpl_ghostscript
Canonical Ubuntu_linux — versions 14.04, 16.04, 18.04
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (Patch, Mailing List, Third Party Advisory, x_refsource_MISC, Issue Tracking)
cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
cve@mitre.org (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
cve@mitre.org (Permissions Required, x_refsource_MISC, Issue Tracking)

Frequently asked questions

What is CVE-2018-16510?: CVE-2018-16510 is a high-severity vulnerability in Artifex Ghostscript, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2018-09-05.
How severe is CVE-2018-16510?: High severity. CVSS v3 base score is 7.8 out of 10.