CVE-2018-16509

Published: 05 September 2018

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
ghostscript Launchpad, Ubuntu, Debian	Upstream	Needs triage




	Ubuntu 18.04 LTS (Bionic Beaver)	Released (9.22~dfsg+1-0ubuntu1.2)
	Ubuntu 16.04 ESM (Xenial Xerus)	Released (9.18~dfsg~0-0ubuntu2.9)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [9.10~dfsg-0ubuntu10.13])
	Patches: Upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=43711760b611b1a8e17f3490e3b58914508098f9 (bp) Upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156 Upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5 Upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31 Upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›