CVE-2018-16863

7.3HIGH

Key Information

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 3 December 2018

Summary

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

Affected Version(s)

ghostscript = 9.07

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.8 to: 7.3 - (HIGH)
Feb 22, 2024
Vulnerability published.
Dec 3, 2018
Vulnerability Reserved.
Sep 11, 2018

Collectors

NVD DatabaseMitre Database