VulnCheck KEV: CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0035)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent...

The vulnerability of the Ghostscript software for document processing, conversion, and generation is related to improper checking of “privilege restoration” during the processing of /invalidaccess exception types. This allows a perpetrator to execute arbitrary code.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to improper checking of “privilege restoration” during the processing of /invalidaccess exceptions. Exploiting this vulnerability allows a malicious actor to download specially created...

EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2018-1430)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: /invalidaccess bypass after failed restore.CVE-2018-16509 - ghostscript: LockDistillerParams type confusion.CVE-2018-15910 -...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2018-1404)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: /invalidaccess bypass after failed restore.CVE-2018-16509 - ghostscript: LockDistillerParams type confusion.CVE-2018-15910 -...

ghostscript: /invalidaccess bypass after failed restore (699654)

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document...

ghostscript: /invalidaccess bypass after failed restore (699654)

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document...

Ghostscript Failed Restore Command Execution

This module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore grestore in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick. This module requires Metasploit:...

CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

Design/Logic Flaw

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

CVE-2018-16509

Ghostscript (Artifex) before 9.25 has an issue where /invalidaccess checks can fail, allowing crafted PostScript to bypass -dSAFER and execute code via the pipe instruction. Several advisories indicate this is a security flaw that could enable remote/unauthenticated code execution in Ghostscript ...

Artifex Ghostscript Code Execution Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...