Vulnerability Details : CVE-2018-16802
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2018-16802
Probability of exploitation activity in the next 30 days: 0.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-16802
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2018-16802
-
https://usn.ubuntu.com/3768-1/
USN-3768-1: Ghostscript vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://seclists.org/oss-sec/2018/q3/228
oss-sec: Re: Ghostscript 9.24 issuesMailing List;Third Party Advisory
-
https://seclists.org/oss-sec/2018/q3/229
oss-sec: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?Mailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
[SECURITY] [DLA 1504-1] ghostscript security updateMailing List;Third Party Advisory
-
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
git.ghostscript.com Git - ghostpdl.git/commitThird Party Advisory
-
https://security.gentoo.org/glsa/201811-12
GPL Ghostscript: Multiple vulnerabilities (GLSA 201811-12) — Gentoo securityThird Party Advisory
-
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
git.ghostscript.com Git - ghostpdl.git/commitdiffPatch;Third Party Advisory
-
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
git.ghostscript.com Git - ghostpdl.git/commitThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3834
RHSA-2018:3834 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4294
Debian -- Security Information -- DSA-4294-1 ghostscriptThird Party Advisory
Products affected by CVE-2018-16802
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*