{
  "threat_severity" : "Important",
  "public_date" : "2018-09-12T00:00:00Z",
  "bugzilla" : {
    "description" : "ghostscript: Incorrect \"restoration of privilege\" checking when running out of stack during exception handling",
    "id" : "1627959",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1627959"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "An issue was discovered in Artifex Ghostscript before 9.25. Incorrect \"restoration of privilege\" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction. This is due to an incomplete fix for CVE-2018-16509." ],
  "statement" : "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5 and 6.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-12-17T00:00:00Z",
    "advisory" : "RHSA-2018:3834",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "ghostscript-0:9.07-31.el7_6.6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-16802\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16802" ],
  "name" : "CVE-2018-16802",
  "mitigation" : {
    "value" : "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
    "lang" : "en:us"
  },
  "csaw" : false
}