CVE-2018-16863

Published: 12/3/2018 Last updated: 8/5/2024 Reserved: 9/11/2018

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	7.3	High	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Opam packages affected (1)

conf-ghostscript

Products affected (1)

Product	Vendor	Version
ghostscript	Artifex	< 500ca1da9d0876244eb4d1b0ece6fa0e9968d45d

References (12)

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863
https://access.redhat.com/errata/RHSA-2018:3761
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863
https://access.redhat.com/errata/RHSA-2018:3761
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33