CVE-2018-16863
HIGHGhostscript 9.07 - Remote Code Execution via PostScript Document
Title source: llmDescription
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
References (6)
Core 6
Core References
Patch x_refsource_confirm
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33
Patch x_refsource_confirm
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3761
Patch x_refsource_confirm
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486
Patch x_refsource_confirm
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519
Scores
CVSS v3
7.3
EPSS
0.0125
EPSS Percentile
65.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-184
CWE-78
Status
published
Products (7)
artifex/ghostscript
9.07
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_server_aus
7.6
redhat/enterprise_linux_server_eus
7.6
redhat/enterprise_linux_server_tus
7.6
redhat/enterprise_linux_workstation
7.0
Published
Dec 03, 2018
Tracked Since
Feb 18, 2026