QwikSec

Security Database

CVE

CWE

Training

CVE-2018-16802

Published: Sep 10, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20180909 Re: Ghostscript 9.24 issues

mailing-list

x_refsource_MLIST

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5812b1b78fc4d36fdc293b7859de69241140d590

x_refsource_CONFIRM

https://seclists.org/oss-sec/2018/q3/229

x_refsource_MISC

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update

mailing-list

x_refsource_MLIST

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=643b24dbd002fb9c131313253c307cf3951b3d47

x_refsource_MISC

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3e5d316b72e3965b7968bb1d96baa137cd063ac6

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.