VulnCheck KEV: CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0035)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent...

EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2018-1430)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: /invalidaccess bypass after failed restore.CVE-2018-16509 - ghostscript: LockDistillerParams type confusion.CVE-2018-15910 -...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2018-1404)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: /invalidaccess bypass after failed restore.CVE-2018-16509 - ghostscript: LockDistillerParams type confusion.CVE-2018-15910 -...

ghostscript: /invalidaccess bypass after failed restore (699654)

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document...

ghostscript: /invalidaccess bypass after failed restore (699654)

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document...

Ghostscript Failed Restore Command Execution

This module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore grestore in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick. This module requires Metasploit:...

Design/Logic Flaw

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

CVE-2018-16509

Ghostscript (Artifex) before 9.25 has an issue where /invalidaccess checks can fail, allowing crafted PostScript to bypass -dSAFER and execute code via the pipe instruction. Several advisories indicate this is a security flaw that could enable remote/unauthenticated code execution in Ghostscript ...

Artifex Ghostscript Code Execution Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...