Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-16802

Опубликовано: 12 сент. 2018
Источник: redhat
CVSS3: 7.3

Описание

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Отчет

This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5 and 6.

Меры по смягчению последствий

Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ghostscriptNot affected
Red Hat Enterprise Linux 6ghostscriptNot affected
Red Hat Enterprise Linux 8ghostscriptNot affected
Red Hat Enterprise Linux 7ghostscriptFixedRHSA-2018:383417.12.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1627959ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-16802

CVSS3: 7.8
ubuntu
около 7 лет назад

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

nvd логотип

CVE-2018-16802

CVSS3: 7.8
nvd
около 7 лет назад

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

debian логотип

CVE-2018-16802

CVSS3: 7.8
debian
около 7 лет назад

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...

github логотип

GHSA-r3qx-w5mm-cr27

CVSS3: 7.8
github
больше 3 лет назад

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

fstec логотип

BDU:2019-04351

CVSS3: 7.8
fstec
около 7 лет назад

Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код

7.3 High

CVSS3