CVE-2018-16509
published 2018-12-03CVE-2018-16509: It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
ITWEXPLOIT
Exploited in the wild
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | < 9.25 | 9.25 |
| artifex | ghostscript | < 9.24 | 9.24 |
| artifex | ghostscript | — | — |
| artifex | ghostscript | — | — |
| artifex | ghostscript | >= 0 < 9.25~dfsg-1 | 9.25~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.25~dfsg-1 | 9.25~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.25~dfsg-1 | 9.25~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.25~dfsg-1 | 9.25~dfsg-1 |
| artifex | gpl_ghostscript | < 9.26 | 9.26 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | ghostscript | < ghostscript 9.25~dfsg-1 (bookworm) | ghostscript 9.25~dfsg-1 (bookworm) |
| debian | ghostscript | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH
vulncheck7.8HIGH