CVE-2018-16802

Impact:
Important
Public Date:
2018-09-12
CWE:
CWE-20
Bugzilla:
1627959: CVE-2018-16802 ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling

The MITRE CVE dictionary describes this issue as:

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Find out more about CVE-2018-16802 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5 and 6.

CVSS v3 metrics

CVSS3 Base Score 7.3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (ghostscript) RHSA-2018:3834 2018-12-17

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 ghostscript Not affected
Red Hat Enterprise Linux 6 ghostscript Not affected
Red Hat Enterprise Linux 5 ghostscript Not affected

Mitigation

Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509

Last Modified

CVE description copyright © 2017, The MITRE Corporation