Search for vulnerabilities
Vulnerability details: VCID-pt8g-dfsx-wydn
Vulnerability ID VCID-pt8g-dfsx-wydn
Aliases CVE-2018-16509
Summary An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
Status Published
Exploitability 2.0
Weighted Severity 8.4
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16509.json
epss 0.91513 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
epss 0.92178 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
epss 0.92178 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
epss 0.92178 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
epss 0.92178 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2018-16509
cvssv3 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2018-16509
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-16509
Reference id Reference type URL
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33662a2afdc377159f70218e67bde5
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d590b4a91afac2e8417360b934156
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486a6595c43f1de1cd7ade696020a31
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=520bb0ea7519aa3e79db78aaf0589dae02103764
https://access.redhat.com/errata/RHSA-2018:2918
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16509.json
https://api.first.org/data/v1/epss?cve=CVE-2018-16509
https://bugs.ghostscript.com/show_bug.cgi?id=699654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17183
http://seclists.org/oss-sec/2018/q3/142
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.artifex.com/news/ghostscript-security-resolved/
https://www.debian.org/security/2018/dsa-4294
https://www.exploit-db.com/exploits/45369/
http://www.securityfocus.com/bid/105122
1619748 https://bugzilla.redhat.com/show_bug.cgi?id=1619748
907332 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907332
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2018-16509 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/45369.rb
CVE-2018-16509 https://nvd.nist.gov/vuln/detail/CVE-2018-16509
CVE-2018-16509 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/7f20178a0572176d2d57118e1e5cc3ef9c434656/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
RHSA-2018:3760 https://access.redhat.com/errata/RHSA-2018:3760
USN-3768-1 https://usn.ubuntu.com/3768-1/
Data source Metasploit
Description This module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick.
Note 
Stability:
  - crash-safe
SideEffects: []
Reliability: []
RelatedModules:
  - exploit/unix/fileformat/ghostscript_type_confusion
  - exploit/unix/fileformat/imagemagick_delegate
Ransomware campaign use Unknown
Source publication date Aug. 21, 2018
Platform Linux,Unix,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
Data source Exploit-DB
Date added Sept. 10, 2018
Description Ghostscript - Failed Restore Command Execution (Metasploit)
Ransomware campaign use Known
Source publication date Sept. 10, 2018
Exploit type local
Platform linux
Source update date Sept. 10, 2018
Source URL https://raw.githubusercontent.com/rapid7/metasploit-framework/7f20178a0572176d2d57118e1e5cc3ef9c434656/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16509.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2018-16509
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-16509
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99664
EPSS Score 0.91513
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:21.226358+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/3768-1/ 37.0.0