ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802)
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect “restoration of privilege” checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the “pipe” instruction. This is due to an incomplete fix for CVE-2018-16509.
References:
https://seclists.org/oss-sec/2018/q3/228
https://seclists.org/oss-sec/2018/q3/229
https://seclists.org/oss-sec/2018/q3/233
Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24db
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5812b1b7
(from redmine: issue id 9432, created on 2018-09-20, closed on 2018-11-08)
- Relations:
- copied_to #9433 (closed)
- child #9433 (closed)
- child #9434 (closed)
- child #9435 (closed)
- child #9436 (closed)
- child #9437 (closed)