Published: 10/09/2018 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in Artifex Ghostscript prior to 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex ghostscript
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux server tus 7.6
redhat enterprise linux server eus 7.6
redhat enterprise linux server aus 7.6

Synopsis Important: ghostscript security and bug fix update Type/Severity Security Advisory: Important Topic An update for ghostscript is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...

Several security issues were fixed in Ghostscript ...

It was discovered that the ghostscript shfill operator did not properly validate certain types An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document(CVE-2018-15909) An issue was discovered in Artife ...

An issue was discovered in Artifex Ghostscript before 925 Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction This is due to an incomplete fix for CVE-2018-16509 ...

Exploitchain of my livedemo from my Security Expedition in b0rkenland talk

PoC-Exploitchain-GS-VBox-DirtyCow- Exploitchain of my livedemo from my Security Expedition in b0rkenland talk TODO Add example Exploit Files This Exploit Chain consists of the Following Exploits: Ghostcript RCE CVE-2018-16802 Virtualbox Escape - CVE CVE-2018-2844 Dirty Cow - CVE-2016-5195 Machine Setup Host System: Ubuntu 16044 – unpatched VirtualBox 526r120293 Gue

NVD-CWE-noinfo https://seclists.org/oss-sec/2018/q3/229 https://seclists.org/oss-sec/2018/q3/228 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://www.debian.org/security/2018/dsa-4294 https://usn.ubuntu.com/3768-1/https://security.gentoo.org/glsa/201811-12 https://access.redhat.com/errata/RHSA-2018:3834 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5812b1b78fc4d36fdc293b7859de69241140d590 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=643b24dbd002fb9c131313253c307cf3951b3d47 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3e5d316b72e3965b7968bb1d96baa137cd063ac6 https://access.redhat.com/errata/RHSA-2018:3834 https://nvd.nist.gov https://usn.ubuntu.com/3768-1/

CVE-2018-16802

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect