Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-16863

Опубликовано: 03 дек. 2018
Источник: redhat
CVSS3: 7.3
EPSS Низкий

Описание

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document.

Отчет

This vulnerability affects only Red Hat Enterprise Linux version 7. Red Hat Enterprise Linux version 6 is not affected by this vulnerability because the set of fixes for CVE-2018-16509, released via RHSA-2018:3760, was complete.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-184
https://bugzilla.redhat.com/show_bug.cgi?id=1652893ghostscript: incomplete fix for CVE-2018-16509

EPSS

Процентиль: 25%
0.00083
Низкий

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-16863

CVSS3: 7.3
ubuntu
почти 7 лет назад

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

nvd логотип

CVE-2018-16863

CVSS3: 7.3
nvd
почти 7 лет назад

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

debian логотип

CVE-2018-16863

CVSS3: 7.3
debian
почти 7 лет назад

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An ...

github логотип

GHSA-83g5-f7jm-c8fc

CVSS3: 7.8
github
больше 3 лет назад

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

oracle-oval логотип

ELSA-2018-3761

oracle-oval
почти 7 лет назад

ELSA-2018-3761: ghostscript security and bug fix update (IMPORTANT)

EPSS

Процентиль: 25%
0.00083
Низкий

7.3 High

CVSS3

Уязвимость CVE-2018-16863