CVE-2018-16513
It was discovered that the ghostscript did not properly validate the operands passed to the setcolor function. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
Find out more about CVE-2018-16513 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 7.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Enterprise 3.2 | mediawiki | Not affected |
| Red Hat OpenShift Enterprise 3.11 | mediawiki | Not affected |
| Red Hat OpenShift Enterprise 3.1 | mediawiki | Not affected |
| Red Hat OpenShift Enterprise 3.0 | mediawiki | Not affected |
| Red Hat OpenShift Container Platform 3.9 | mediawiki | Not affected |
| Red Hat OpenShift Container Platform 3.7 | mediawiki | Not affected |
| Red Hat OpenShift Container Platform 3.6 | mediawiki | Not affected |
| Red Hat OpenShift Container Platform 3.5 | mediawiki | Not affected |
| Red Hat OpenShift Container Platform 3.4 | mediawiki | Not affected |
| Red Hat OpenShift Container Platform 3.3 | mediawiki | Not affected |
| Red Hat Enterprise Linux 7 | ghostscript | Not affected |
| Red Hat Enterprise Linux 6 | ghostscript | Not affected |
Acknowledgements
Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.Mitigation
Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3