CVE-2018-16802

Published: 10 September 2018

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: ghostscript (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Released (9.22~dfsg+1-0ubuntu1.2)
Ubuntu 16.04 ESM (Xenial Xerus): Released (9.18~dfsg~0-0ubuntu2.9)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [9.10~dfsg-0ubuntu10.13])

Patches:
Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5812b1b78fc4d36fdc293b7859de69241140d590
Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e914f1da46e33decc534486598dc3eadf69e6efb
Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47