CVE-2018-16802

MEDIUM

Description

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

References

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47

https://access.redhat.com/errata/RHSA-2018:3834

https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590

https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html

https://seclists.org/oss-sec/2018/q3/228

https://seclists.org/oss-sec/2018/q3/229

https://security.gentoo.org/glsa/201811-12

https://usn.ubuntu.com/3768-1/

https://www.debian.org/security/2018/dsa-4294

Details

Source: MITRE

Published: 2018-09-10

Updated: 2019-03-07

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
127227	NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0046)	Nessus	NewStart CGSL Local Security Checks	high
124887	EulerOS Virtualization for ARM 64 3.0.1.0 : ghostscript (EulerOS-SA-2019-1384)	Nessus	Huawei Local Security Checks	high
123895	EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1209)	Nessus	Huawei Local Security Checks	high
123891	EulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1205)	Nessus	Huawei Local Security Checks	high
123326	openSUSE Security Update : ghostscript (openSUSE-2019-759)	Nessus	SuSE Local Security Checks	high
122376	EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1049)	Nessus	Huawei Local Security Checks	high
122169	EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1022)	Nessus	Huawei Local Security Checks	high
121276	EulerOS Virtualization 2.5.1 : ghostscript (EulerOS-SA-2019-1016)	Nessus	Huawei Local Security Checks	high
120992	EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1004)	Nessus	Huawei Local Security Checks	high
120767	Fedora 28 : ghostscript (2018-c39ae23dc8)	Nessus	Fedora Local Security Checks	medium
120572	Fedora 29 : ghostscript (2018-81ee973d7c)	Nessus	Fedora Local Security Checks	medium
120116	SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2018:2976-1)	Nessus	SuSE Local Security Checks	high
119901	EulerOS Virtualization 2.5.2 : ghostscript (EulerOS-SA-2018-1412)	Nessus	Huawei Local Security Checks	high
119883	Scientific Linux Security Update : ghostscript on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
119757	Oracle Linux 7 : ghostscript (ELSA-2018-3834)	Nessus	Oracle Linux Local Security Checks	high
119754	CentOS 7 : ghostscript (CESA-2018:3834)	Nessus	CentOS Local Security Checks	high
119736	RHEL 7 : ghostscript (RHSA-2018:3834)	Nessus	Red Hat Local Security Checks	high
119132	GLSA-201811-12 : GPL Ghostscript: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
118298	SUSE SLES12 Security Update : ghostscript (SUSE-SU-2018:2975-2)	Nessus	SuSE Local Security Checks	high
118043	Amazon Linux 2 : ghostscript (ALAS-2018-1088)	Nessus	Amazon Linux Local Security Checks	high
117980	openSUSE Security Update : ghostscript (openSUSE-2018-1123)	Nessus	SuSE Local Security Checks	high
117979	openSUSE Security Update : ghostscript (openSUSE-2018-1122)	Nessus	SuSE Local Security Checks	high
117901	SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:2975-1)	Nessus	SuSE Local Security Checks	high
117596	Artifex Ghostscript < 9.25 PostScript Code Execution Vulnerability	Nessus	Windows	high
117595	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : ghostscript vulnerabilities (USN-3768-1)	Nessus	Ubuntu Local Security Checks	high
117504	Debian DSA-4294-1 : ghostscript - security update	Nessus	Debian Local Security Checks	high
117487	Debian DLA-1504-1 : ghostscript security update	Nessus	Debian Local Security Checks	high