CVE-2018-16802

Name: CVE-2018-16802
Description: An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-1504-1, DSA-4294-1

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ghostscript (PTS) | jessie, jessie (lts) | 9.26a~dfsg-0+deb8u13 | fixed |
| | stretch (security) | 9.26a~dfsg-0+deb9u9 | fixed |
| | stretch (lts), stretch | 9.26a~dfsg-0+deb9u13 | fixed |
| | buster, buster (lts) | 9.27~dfsg-2+deb10u10 | fixed |
| | buster (security) | 9.27~dfsg-2+deb10u9 | fixed |
| | bullseye | 9.53.3~dfsg-7+deb11u7 | fixed |
| | bullseye (security) | 9.53.3~dfsg-7+deb11u9 | fixed |
| | bookworm | 10.0.0~dfsg-11+deb12u5 | fixed |
| | bookworm (security) | 10.0.0~dfsg-11+deb12u6 | fixed |
| | sid, trixie | 10.04.0~dfsg-2 | fixed |

The information below is based on the following data on fixed versions.

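| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ghostscript | source | experimental | 9.25~dfsg-1~exp1 | | | |
| ghostscript | source | jessie | 9.06~dfsg-2+deb8u8 | | DLA-1504-1 | |
| ghostscript | source | stretch | 9.20~dfsg-3.2+deb9u5 | | DSA-4294-1 | |
| ghostscript | source | (unstable) | 9.25~dfsg-1 | | | |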

Notes

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
