CVE-2018-16802

NameCVE-2018-16802
DescriptionAn issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1504-1, DSA-4294-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ghostscript (PTS)jessie9.06~dfsg-2+deb8u7vulnerable
jessie (security)9.06~dfsg-2+deb8u8fixed
stretch9.20~dfsg-3.2+deb9u2vulnerable
stretch (security)9.20~dfsg-3.2+deb9u5fixed
buster, sid9.25~dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ghostscriptsource(unstable)9.25~dfsg-1
ghostscriptsourceexperimental9.25~dfsg-1~exp1
ghostscriptsourcejessie9.06~dfsg-2+deb8u8DLA-1504-1
ghostscriptsourcestretch9.20~dfsg-3.2+deb9u5DSA-4294-1

Notes

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590

Search for package or bug name: Reporting problems