advisories/22931.adv

type: security
subject: Updated ghostscript packages fix security vulnerability
CVE:
 - CVE-2018-10194
src:
  5:
   core:
     - ghostscript-9.23-1.mga5
  6:
   core:
     - ghostscript-9.23-1.mga6
description: |
  The set_text_distance function in devices/vector/gdevpdts.c in the
  pdfwrite component in Artifex Ghostscript through 9.22 does not prevent
  overflows in text-positioning calculation, which allows remote attackers
  to cause a denial of service (application crash) or possibly have
  unspecified other impact via a crafted PDF document (CVE-2018-10194).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=22931
 - http://openwall.com/lists/oss-security/2018/04/19/5
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KAA4HM5ZWQWEFKXJK72E6S3MLTY2VN36/
ID: MGASA-2018-0219
1	type: security
2	subject: Updated ghostscript packages fix security vulnerability
3	CVE:
4	- CVE-2018-10194
5	src:
6	5:
7	core:
8	- ghostscript-9.23-1.mga5
9	6:
10	core:
11	- ghostscript-9.23-1.mga6
12	description: \|
13	The set_text_distance function in devices/vector/gdevpdts.c in the
14	pdfwrite component in Artifex Ghostscript through 9.22 does not prevent
15	overflows in text-positioning calculation, which allows remote attackers
16	to cause a denial of service (application crash) or possibly have
17	unspecified other impact via a crafted PDF document (CVE-2018-10194).
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=22931
20	- http://openwall.com/lists/oss-security/2018/04/19/5
21	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KAA4HM5ZWQWEFKXJK72E6S3MLTY2VN36/
22	ID: MGASA-2018-0219