Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-16802

Опубликовано: 10 сент. 2018
Источник: debian

Описание

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ghostscriptfixed9.25~dfsg-1~exp1experimentalpackage
ghostscriptfixed9.25~dfsg-1package

Примечания

  • https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6

  • https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47

  • https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590

Связанные уязвимости

ubuntu логотип

CVE-2018-16802

CVSS3: 7.8
ubuntu
около 7 лет назад

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

redhat логотип

CVE-2018-16802

CVSS3: 7.3
redhat
около 7 лет назад

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

nvd логотип

CVE-2018-16802

CVSS3: 7.8
nvd
около 7 лет назад

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

github логотип

GHSA-r3qx-w5mm-cr27

CVSS3: 7.8
github
больше 3 лет назад

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

fstec логотип

BDU:2019-04351

CVSS3: 7.8
fstec
около 7 лет назад

Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код