ID CVE-2018-16509
Summary An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:-:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:-:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.50:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.51:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.51:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.54:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.54:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.56:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.57:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.60:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.60:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.61:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.61:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.62:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.62:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.63:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.63:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.64:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.64:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.70:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.70:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.71:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:8.71:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:9.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:9.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:gpl_ghostscript:9.04:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 1619748
    title CVE-2018-16509 ghostscript: /invalidaccess bypass after failed restore (699654)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment ghostscript is earlier than 0:8.70-24.el6_10.2
          oval oval:com.redhat.rhsa:tst:20183760009
        • comment ghostscript is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095013
      • AND
        • comment ghostscript-devel is earlier than 0:8.70-24.el6_10.2
          oval oval:com.redhat.rhsa:tst:20183760011
        • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095017
      • AND
        • comment ghostscript-doc is earlier than 0:8.70-24.el6_10.2
          oval oval:com.redhat.rhsa:tst:20183760005
        • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095019
      • AND
        • comment ghostscript-gtk is earlier than 0:8.70-24.el6_10.2
          oval oval:com.redhat.rhsa:tst:20183760007
        • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095015
    rhsa
    id RHSA-2018:3760
    released 2018-12-03
    severity Important
    title RHSA-2018:3760: ghostscript security update (Important)
  • rhsa
    id RHSA-2018:2918
rpms
  • ghostscript-0:9.07-29.el7_5.2
  • ghostscript-cups-0:9.07-29.el7_5.2
  • ghostscript-devel-0:9.07-29.el7_5.2
  • ghostscript-doc-0:9.07-29.el7_5.2
  • ghostscript-gtk-0:9.07-29.el7_5.2
  • ghostscript-0:8.70-24.el6_10.2
  • ghostscript-devel-0:8.70-24.el6_10.2
  • ghostscript-doc-0:8.70-24.el6_10.2
  • ghostscript-gtk-0:8.70-24.el6_10.2
refmap via4
bid 105122
confirm http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764
debian DSA-4294
exploit-db 45369
gentoo GLSA-201811-12
misc
mlist [debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update
ubuntu USN-3768-1
Last major update 03-10-2019 - 00:03
Published 05-09-2018 - 06:29
Back to Top