CVE-2018-16863

HIGH

Ghostscript 9.07 - RCE

Title source: llm

Description

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

References (6)

[Patch] http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33

[Patch] http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:3761

[Patch] http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486

[Patch] http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519

Scores

CVSS v3 7.3

EPSS 0.0008

EPSS Percentile 24.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-184 CWE-78

Status published

Products (7)

artifex/ghostscript 9.07

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_server_aus 7.6

redhat/enterprise_linux_server_eus 7.6

redhat/enterprise_linux_server_tus 7.6

redhat/enterprise_linux_workstation 7.0

Published Dec 03, 2018

Tracked Since Feb 18, 2026