CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

Weakness

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/120.html
• https://cwe.mitre.org/data/definitions/15.html
• https://cwe.mitre.org/data/definitions/182.html
• https://cwe.mitre.org/data/definitions/3.html
• https://cwe.mitre.org/data/definitions/43.html
• https://cwe.mitre.org/data/definitions/6.html
• https://cwe.mitre.org/data/definitions/71.html
• https://cwe.mitre.org/data/definitions/73.html
• https://cwe.mitre.org/data/definitions/85.html

References

• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486
• https://access.redhat.com/errata/RHSA-2018:3761
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486
• https://access.redhat.com/errata/RHSA-2018:3761
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863