Your submission was sent successfully! Close

CVE-2018-16802

Published: 10 September 2018

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
bionic
Released (9.22~dfsg+1-0ubuntu1.2)
precise Does not exist

trusty Does not exist
(trusty was released [9.10~dfsg-0ubuntu10.13])
upstream Needs triage

xenial
Released (9.18~dfsg~0-0ubuntu2.9)