Vulnerability Description
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| Artifex | Ghostscript | < 9.24 |
| Canonical | Ubuntu Linux | 14.04 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Eus | 7.5 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Artifex | Gpl Ghostscript | < 9.26 |
References
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33662a2afdc3
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d590b4a91af
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486a6595c43f1
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=520bb0ea7519aa3e79
- http://seclists.org/oss-sec/2018/q3/142ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/105122Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:2918Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3760Third Party Advisory
- https://bugs.ghostscript.com/show_bug.cgi?id=699654Issue TrackingPermissions RequiredThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00015.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/201811-12Third Party Advisory
- https://usn.ubuntu.com/3768-1/Third Party Advisory
- https://www.artifex.com/news/ghostscript-security-resolved/Vendor Advisory
- https://www.debian.org/security/2018/dsa-4294Third Party Advisory
- https://www.exploit-db.com/exploits/45369/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-16509?
CVE-2018-16509 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted...
How severe is CVE-2018-16509?
CVE-2018-16509 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16509?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Artifex Ghostscript, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.