CVE-2018-16863 HIGH

CVE-2018-16863

Vendor Artifex
Product ghostscript
Weakness CWE-184
Published December 3, 2018
Last update August 5, 2024

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

Key dates

02Disclosure timeline

December 3, 2018 CVE published
August 5, 2024 Record updated