CVE-2018-16863

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ghostscript version 9.07

Description An issue was discovered where a previous fix did not fully address the problem, allowing an attacker to potentially exploit a variant of the flaw. This could enable the bypassing of the -dSAFER protection, leading to the execution of arbitrary shell commands via a specially crafted PostScript document.

Recommendations For ghostscript version 9.07, consider applying additional security measures to prevent the exploitation of this issue, such as restricting access to PostScript documents from untrusted sources, until a comprehensive fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-184

Related Identifiers

ALT-PU-2013-1054

CESA-2018_3761

CVE-2018-16863

RHSA-2018:3761

RHSA-2018_3761

Affected Products

Alt Linux

Centos

Red Hat

Ghostscript

CVE-2018-16863

Weakness Enumeration

Related Identifiers

Affected Products

References · 8