CVE-2018-16802
HIGH7.8EPSS 0.97%發布日:2018/9/10修改日:2026/4/28
描述
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
受影響套件(2)
- Alpine/ghostscriptfrom 0, < 9.25-r0
- Debian/ghostscriptfrom 0, < 9.25~dfsg-1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |