CVE-2018-16802Improper Input Validation in Ghostscript

CWE-20Improper Input Validation9 documents8 sources
Severity
7.8HIGHNVD
EPSS
1.0%
top 23.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Artifex GhostscriptCanonical Ubuntu LinuxDebian Linux+6 more
Timeline
PublishedSep 10
Latest updateMay 13

Description

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

Debianartifex/ghostscript< 9.25~dfsg-1+3

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.6

🔴Vulnerability Details

3
GHSA
GHSA-r3qx-w5mm-cr27: An issue was discovered in Artifex Ghostscript before 92022-05-13
CVEList
CVE-2018-16802: An issue was discovered in Artifex Ghostscript before 92018-09-10
OSV
CVE-2018-16802: An issue was discovered in Artifex Ghostscript before 92018-09-10

📋Vendor Advisories

3
Ubuntu
Ghostscript vulnerabilities2018-09-19
Red Hat
ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling2018-09-12
Debian
CVE-2018-16802: ghostscript - An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restorati...2018

💬Community

2
Bugzilla
CVE-2018-16802 ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling [fedora-all]2018-09-12
Bugzilla
CVE-2018-16802 ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling2018-09-12
CVE-2018-16802 — Improper Input Validation | cvebase