CVE-2018-16863
7.3 HIGH
Summary
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
Affected Version(s)
ghostscript = 9.07
References
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh...
x_refsource_CONFIRM
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh...
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3761
vendor-advisory, x_refsource_REDHAT
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh...
x_refsource_CONFIRM
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh...
x_refsource_CONFIRM
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database