cnvd - cnvd-2020-54493

cnvd-2020-54493

Vulnerability from cnvd

Title: Artifex Ghostscript代码执行漏洞（CNVD-2020-54493）

Description:

Artifex Ghostscript是美国Artifex Software公司的一款开源的PostScript（一种用于电子产业和桌面出版领域的页面描述语言和编程语言）解析器，它可显示Postscript文件以及在非Postscript打印机上打印Postscript文件。

Artifex Ghostscript 9.25之前版本中的异常处理过程存在安全漏洞。攻击者可通过提交特制的PostScript利用该漏洞使用‘pipe’指令执行代码。

Severity: 中

Patch Name: Artifex Ghostscript代码执行漏洞（CNVD-2020-54493）的补丁

Patch Description:

Artifex Ghostscript 9.25之前版本中的异常处理过程存在安全漏洞。攻击者可通过提交特制的PostScript利用该漏洞使用‘pipe’指令执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590；http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47；http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6

Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-16802

Impacted products

Name
Artifex Software Artifex Ghostscript <9.25

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16802"
    }
  },
  "description": "Artifex Ghostscript\u662f\u7f8e\u56fdArtifex Software\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684PostScript\uff08\u4e00\u79cd\u7528\u4e8e\u7535\u5b50\u4ea7\u4e1a\u548c\u684c\u9762\u51fa\u7248\u9886\u57df\u7684\u9875\u9762\u63cf\u8ff0\u8bed\u8a00\u548c\u7f16\u7a0b\u8bed\u8a00\uff09\u89e3\u6790\u5668\uff0c\u5b83\u53ef\u663e\u793aPostscript\u6587\u4ef6\u4ee5\u53ca\u5728\u975ePostscript\u6253\u5370\u673a\u4e0a\u6253\u5370Postscript\u6587\u4ef6\u3002\n\nArtifex Ghostscript 9.25\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u5f02\u5e38\u5904\u7406\u8fc7\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684PostScript\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u2018pipe\u2019\u6307\u4ee4\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590\uff1bhttp://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47\uff1bhttp://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-54493",
  "openTime": "2020-09-28",
  "patchDescription": "Artifex Ghostscript\u662f\u7f8e\u56fdArtifex Software\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684PostScript\uff08\u4e00\u79cd\u7528\u4e8e\u7535\u5b50\u4ea7\u4e1a\u548c\u684c\u9762\u51fa\u7248\u9886\u57df\u7684\u9875\u9762\u63cf\u8ff0\u8bed\u8a00\u548c\u7f16\u7a0b\u8bed\u8a00\uff09\u89e3\u6790\u5668\uff0c\u5b83\u53ef\u663e\u793aPostscript\u6587\u4ef6\u4ee5\u53ca\u5728\u975ePostscript\u6253\u5370\u673a\u4e0a\u6253\u5370Postscript\u6587\u4ef6\u3002\r\n\r\nArtifex Ghostscript 9.25\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u5f02\u5e38\u5904\u7406\u8fc7\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684PostScript\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u2018pipe\u2019\u6307\u4ee4\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Artifex Ghostscript\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-54493\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Artifex Software  Artifex Ghostscript \u003c9.25"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-16802",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-11",
  "title": "Artifex Ghostscript\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-54493\uff09"
}

CVE-2018-16802 (GCVE-0-2018-16802)

Vulnerability from cvelistv5

Published

2018-09-10 16:00

Modified

2024-08-05 10:32

Severity ?

CWE

Summary

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

References

▼	URL	Tags
	https://seclists.org/oss-sec/2018/q3/228	mailing-list, x_refsource_MLIST
	https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5812b1b78fc4d36fdc293b7859de69241140d590	x_refsource_CONFIRM
	https://seclists.org/oss-sec/2018/q3/229	x_refsource_MISC
	https://security.gentoo.org/glsa/201811-12	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/3768-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3834	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4294	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html	mailing-list, x_refsource_MLIST
	http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=643b24dbd002fb9c131313253c307cf3951b3d47	x_refsource_MISC
	http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3e5d316b72e3965b7968bb1d96baa137cd063ac6	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:53.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20180909 Re: Ghostscript 9.24 issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2018/q3/228"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5812b1b78fc4d36fdc293b7859de69241140d590"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2018/q3/229"
          },
          {
            "name": "GLSA-201811-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-12"
          },
          {
            "name": "USN-3768-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3768-1/"
          },
          {
            "name": "RHSA-2018:3834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3834"
          },
          {
            "name": "DSA-4294",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4294"
          },
          {
            "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=643b24dbd002fb9c131313253c307cf3951b3d47"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3e5d316b72e3965b7968bb1d96baa137cd063ac6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Artifex Ghostscript before 9.25. Incorrect \"restoration of privilege\" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction. This is due to an incomplete fix for CVE-2018-16509."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-18T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20180909 Re: Ghostscript 9.24 issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://seclists.org/oss-sec/2018/q3/228"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5812b1b78fc4d36fdc293b7859de69241140d590"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/oss-sec/2018/q3/229"
        },
        {
          "name": "GLSA-201811-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-12"
        },
        {
          "name": "USN-3768-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3768-1/"
        },
        {
          "name": "RHSA-2018:3834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3834"
        },
        {
          "name": "DSA-4294",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4294"
        },
        {
          "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=643b24dbd002fb9c131313253c307cf3951b3d47"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3e5d316b72e3965b7968bb1d96baa137cd063ac6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Artifex Ghostscript before 9.25. Incorrect \"restoration of privilege\" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction. This is due to an incomplete fix for CVE-2018-16509."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20180909 Re: Ghostscript 9.24 issues",
              "refsource": "MLIST",
              "url": "https://seclists.org/oss-sec/2018/q3/228"
            },
            {
              "name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590",
              "refsource": "CONFIRM",
              "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590"
            },
            {
              "name": "https://seclists.org/oss-sec/2018/q3/229",
              "refsource": "MISC",
              "url": "https://seclists.org/oss-sec/2018/q3/229"
            },
            {
              "name": "GLSA-201811-12",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-12"
            },
            {
              "name": "USN-3768-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3768-1/"
            },
            {
              "name": "RHSA-2018:3834",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3834"
            },
            {
              "name": "DSA-4294",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4294"
            },
            {
              "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
            },
            {
              "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47",
              "refsource": "MISC",
              "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47"
            },
            {
              "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6",
              "refsource": "MISC",
              "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16802",
    "datePublished": "2018-09-10T16:00:00",
    "dateReserved": "2018-09-10T00:00:00",
    "dateUpdated": "2024-08-05T10:32:53.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted