CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

Published: Dec 3, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-16863
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-78
CWE-184

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
artifex / ghostscript	9.07	9.07.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_eus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486
https://access.redhat.com/errata/RHSA-2018:3761
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863

Vulnerability Database

289,697

CVE-2018-16863