Lucene search

K

[email protected]NVD:CVE-2018-16509

HistorySep 05, 2018 - 6:29 a.m.

CVE-2018-16509

2018-09-0506:29:00

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect “restoration of privilege” checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the “pipe” instruction.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

Node

artifexghostscriptRange<9.24

Node

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch18.04lts

Node

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_eusMatch7.5

OR

redhatenterprise_linux_workstationMatch6.0

OR

redhatenterprise_linux_workstationMatch7.0

Node

artifexgpl_ghostscriptRange<9.26

References

git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33662a2afdc377159f70218e67bde5

git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d590b4a91afac2e8417360b934156

git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486a6595c43f1de1cd7ade696020a31

git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=520bb0ea7519aa3e79db78aaf0589dae02103764

seclists.org/oss-sec/2018/q3/142

www.securityfocus.com/bid/105122

access.redhat.com/errata/RHSA-2018:2918

access.redhat.com/errata/RHSA-2018:3760

bugs.ghostscript.com/show_bug.cgi?id=699654

lists.debian.org/debian-lts-announce/2018/09/msg00015.html

security.gentoo.org/glsa/201811-12

usn.ubuntu.com/3768-1/

www.artifex.com/news/ghostscript-security-resolved/

www.debian.org/security/2018/dsa-4294

www.exploit-db.com/exploits/45369/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

Related for NVD:CVE-2018-16509