CVE-2018-16802

Publication date 10 September 2018

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ghostscript	18.04 LTS bionic	Fixed 9.22~dfsg+1-0ubuntu1.2
	16.04 LTS xenial	Fixed 9.18~dfsg~0-0ubuntu2.9
	14.04 LTS trusty	Fixed 9.10~dfsg-0ubuntu10.13

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ghostscript	Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5812b1b78fc4d36fdc293b7859de69241140d590 Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e914f1da46e33decc534486598dc3eadf69e6efb Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6 Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47

Package

Patch details

ghostscript

Severity score breakdown

Parameter	Value
Base score	7.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-3768-1
Ghostscript vulnerabilities
19 September 2018

CVE-2018-16802

Cvss 3 Severity Score

Status

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references