vulnerability
Oracle Linux: CVE-2018-16541: ELSA-2018-3834: ghostscript security and bug fix update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Sep 6, 2018 | Dec 18, 2018 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Sep 6, 2018
Added
Dec 18, 2018
Modified
Dec 3, 2025
Description
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
It was discovered that the ghostscript device cleanup did not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
It was discovered that the ghostscript device cleanup did not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.
Solutions
oracle-linux-upgrade-ghostscriptoracle-linux-upgrade-ghostscript-cupsoracle-linux-upgrade-ghostscript-develoracle-linux-upgrade-ghostscript-docoracle-linux-upgrade-ghostscript-gtk
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.