An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
Published 2018-09-05 06:29:00
Updated 2019-10-03 00:03:26
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Execute code

Products affected by CVE-2018-16509

Exploit prediction scoring system (EPSS) score for CVE-2018-16509

97.27%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2018-16509

  • Ghostscript Failed Restore Command Execution
    Disclosure Date: 2018-08-21
    First seen: 2020-04-26
    exploit/multi/fileformat/ghostscript_failed_restore
    This module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick. Au

CVSS scores for CVE-2018-16509

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST
7.8
HIGH CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.8
5.9
NIST

References for CVE-2018-16509

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!