CVE-2018-16802
7.8
HIGH
CVSS 3.1
EPSS 0.97%
Description
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
How to fix CVE-2018-16802
To remediate CVE-2018-16802, upgrade the affected package to a fixed version below.
- —upgrade to 9.25-r0 or later
- —upgrade to 9.25~dfsg-1 or later
Is CVE-2018-16802 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 9.25-r0
- from 0, < 9.25~dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |