cpe:/a:artifex:ghostscript:8_64 cpe:/a:artifex:ghostscript:9.00 cpe:/a:artifex:ghostscript:9.01 cpe:/a:artifex:ghostscript:9.02 cpe:/a:artifex:ghostscript:9.04 cpe:/a:artifex:ghostscript:9.05 cpe:/a:artifex:ghostscript:9.06 cpe:/a:artifex:ghostscript:9.07 cpe:/a:artifex:ghostscript:9.09 cpe:/a:artifex:ghostscript:9.10 cpe:/a:artifex:ghostscript:9.14 cpe:/a:artifex:ghostscript:9.15 cpe:/a:artifex:ghostscript:9.16 cpe:/a:artifex:ghostscript:9.18 cpe:/a:artifex:ghostscript:9.19 cpe:/a:artifex:ghostscript:9.20 cpe:/a:artifex:ghostscript:9.21 cpe:/a:artifex:ghostscript:9.22 cpe:/a:artifex:ghostscript:9.23 cpe:/a:artifex:gpl_ghostscript:- cpe:/a:artifex:gpl_ghostscript:8.01 cpe:/a:artifex:gpl_ghostscript:8.15 cpe:/a:artifex:gpl_ghostscript:8.50 cpe:/a:artifex:gpl_ghostscript:8.51 cpe:/a:artifex:gpl_ghostscript:8.54 cpe:/a:artifex:gpl_ghostscript:8.56 cpe:/a:artifex:gpl_ghostscript:8.57 cpe:/a:artifex:gpl_ghostscript:8.60 cpe:/a:artifex:gpl_ghostscript:8.61 cpe:/a:artifex:gpl_ghostscript:8.62 cpe:/a:artifex:gpl_ghostscript:8.63 cpe:/a:artifex:gpl_ghostscript:8.64 cpe:/a:artifex:gpl_ghostscript:8.70 cpe:/a:artifex:gpl_ghostscript:8.71 cpe:/a:artifex:gpl_ghostscript:9.00 cpe:/a:artifex:gpl_ghostscript:9.02 cpe:/a:artifex:gpl_ghostscript:9.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~ cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:redhat:enterprise_linux_desktop:6.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:6.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_workstation:6.0 cpe:/o:redhat:enterprise_linux_workstation:7.0 CVE-2018-16509 2018-09-05T02:29:00.483-04:00 2019-10-02T20:03:26.223-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2019-03-08T21:55:52.050-05:00 BID 105122 EXPLOIT-DB 45369 DEBIAN DSA-4294 GENTOO GLSA-201811-12 REDHAT RHSA-2018:2918 REDHAT RHSA-2018:3760 UBUNTU USN-3768-1 MLIST [debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update MISC http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5 MISC http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156 MISC http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31 CONFIRM http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764 MISC http://seclists.org/oss-sec/2018/q3/142 MISC https://bugs.ghostscript.com/show_bug.cgi?id=699654 MISC https://www.artifex.com/news/ghostscript-security-resolved/ An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.