QwikSec

Security Database

CVE

CWE

Training

CVE-2018-16509

Published: Sep 5, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33662a2afdc377159f70218e67bde5

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

https://bugs.ghostscript.com/show_bug.cgi?id=699654

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486a6595c43f1de1cd7ade696020a31

x_refsource_MISC

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

https://www.artifex.com/news/ghostscript-security-resolved/

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

http://seclists.org/oss-sec/2018/q3/142

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d590b4a91afac2e8417360b934156

x_refsource_MISC

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=520bb0ea7519aa3e79db78aaf0589dae02103764

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.