CVE-2018-16802

Published: 10 September 2018

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
ghostscript Launchpad, Ubuntu, Debian	Upstream	Needs triage




	Ubuntu 18.04 LTS (Bionic Beaver)	Released (9.22~dfsg+1-0ubuntu1.2)
	Ubuntu 16.04 ESM (Xenial Xerus)	Released (9.18~dfsg~0-0ubuntu2.9)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [9.10~dfsg-0ubuntu10.13])
	Patches: Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5812b1b78fc4d36fdc293b7859de69241140d590 Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e914f1da46e33decc534486598dc3eadf69e6efb Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6 Upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2018-16802

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading