CVE-2018-16802

NameCVE-2018-16802
DescriptionAn issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1504-1, DSA-4294-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ghostscript (PTS)jessie, jessie (lts)9.26a~dfsg-0+deb8u12fixed
stretch (security)9.26a~dfsg-0+deb9u9fixed
stretch (lts), stretch9.26a~dfsg-0+deb9u12fixed
buster9.27~dfsg-2+deb10u5fixed
buster (security)9.27~dfsg-2+deb10u9fixed
bullseye9.53.3~dfsg-7+deb11u6fixed
bullseye (security)9.53.3~dfsg-7+deb11u5fixed
bookworm (security), bookworm10.0.0~dfsg-11+deb12u3fixed
trixie10.02.1~dfsg-3fixed
sid10.03.0~dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ghostscriptsourceexperimental9.25~dfsg-1~exp1
ghostscriptsourcewheezy(unfixed)end-of-life
ghostscriptsourcejessie9.06~dfsg-2+deb8u8DLA-1504-1
ghostscriptsourcestretch9.20~dfsg-3.2+deb9u5DSA-4294-1
ghostscriptsource(unstable)9.25~dfsg-1

Notes

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590

Search for package or bug name: Reporting problems