CVE-2018-16509

Related Files

Red Hat Security Advisory 2018-3760-01

Posted Dec 4, 2018

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3760-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.

tags | advisory, bypass

systems | linux, redhat

advisories | CVE-2018-16509

SHA-256 | c0b5e2769486069d204e50f7e3f88899e3ecec392143407a2813ee619249a793

Download | Favorite | View

Gentoo Linux Security Advisory 201811-12

Posted Nov 24, 2018

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-12 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the execution of arbitrary code. Versions prior to 9.26 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2017-11714, CVE-2017-7948, CVE-2017-9610, CVE-2017-9611, CVE-2017-9612, CVE-2017-9618, CVE-2017-9619, CVE-2017-9620, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739, CVE-2017-9740, CVE-2017-9835, CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911, CVE-2018-16509, CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543

SHA-256 | f5b4a728b14187c5a83c7a7e52cff21a77fc1eec1f231e5c5605761a0aeee79f

Download | Favorite | View

Red Hat Security Advisory 2018-2918-01

Posted Oct 16, 2018

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2918-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.

tags | advisory, bypass

systems | linux, redhat

advisories | CVE-2018-10194, CVE-2018-15910, CVE-2018-16509, CVE-2018-16542

SHA-256 | 1365f857a8861ae654e77cc6eefab17b628f59e2c5ee0d9dae6960f0308f4405

Download | Favorite | View

Debian Security Advisory 4294-1

Posted Sep 17, 2018

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4294-1 - Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).

tags | advisory, arbitrary

systems | linux, debian

advisories | CVE-2018-16509, CVE-2018-16802

SHA-256 | 45e8cc03f17d1c003d8c0c70b9c56bf113fa26a077c1c2d1be4862854c7547b1

Download | Favorite | View

Slackware Security Advisory - ghostscript Updates

Posted Sep 14, 2018

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ghostscript packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory

systems | linux, slackware

advisories | CVE-2018-16509

SHA-256 | 22735e4a44be3fb95fef08aa7246a639c27bd8dac485d656e4e728b7ff7980ef

Download | Favorite | View

Ghostscript Failed Restore Command Execution

Posted Sep 6, 2018

Authored by Tavis Ormandy, wvu | Site metasploit.com

This Metasploit module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the latest vector for Ghostscript.

tags | exploit, arbitrary

advisories | CVE-2018-16509

SHA-256 | 9a18d75e03ae94b3478787aa8898389327fe3597f03bcf6872c9a239283731ae

Download | Favorite | View