9.3

CVE-2018-16509

Exploit
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
ArtifexGhostscript Version < 9.24
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
ArtifexGpl Ghostscript Version < 9.26
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 92.5% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://security.gentoo.org/glsa/201811-12
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2918
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3768-1/
Third Party Advisory
http://www.securityfocus.com/bid/105122
Third Party Advisory
VDB Entry
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33662a2afdc377159f70218e67bde5
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d590b4a91afac2e8417360b934156
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486a6595c43f1de1cd7ade696020a31
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=520bb0ea7519aa3e79db78aaf0589dae02103764
http://seclists.org/oss-sec/2018/q3/142
Third Party Advisory
Exploit
Mailing List
https://access.redhat.com/errata/RHSA-2018:3760
Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=699654
Third Party Advisory
Issue Tracking
Permissions Required
https://www.artifex.com/news/ghostscript-security-resolved/
Vendor Advisory
https://www.debian.org/security/2018/dsa-4294
Third Party Advisory
https://www.exploit-db.com/exploits/45369/
Third Party Advisory
Exploit
VDB Entry