It was discovered that ghostscript did not properly handle certain error conditions related to the SC and CS PDF operators. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
Find out more about CVE-2018-16510 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 7.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | ghostscript | Not affected |
| Red Hat Enterprise Linux 6 | ghostscript | Not affected |
| Red Hat Enterprise Linux 5 | ghostscript | Not affected |
Vulmon