ALPINE-CVE-2018-16802

ALPINE-CVE-2018-16802 PUBLISHED CVSS 7.800000190734863 HIGH

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Risk Scores

CVSS 3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.6	ghostscript	8.71-r0, 0, 8.64-r0
Alpine:v3.23	ghostscript	8.71-r4, 9.00-r0, 9.00-r1
Alpine:v3.22	ghostscript	9.00-r0, 9.24-r0, 9.22-r0
Alpine:v3.14	ghostscript	9.24-r0, 9.20-r0, 9.20-r1
Alpine:v3.19	ghostscript	9.16-r2, 0, 8.64-r0
Alpine:v3.17	ghostscript	9.24-r0, 9.22-r0, 9.21-r3
Alpine:v3.13	ghostscript	9.24-r0, 0, 8.64-r0
Alpine:v3.8	ghostscript	9.24-r0, 0, 8.64-r0
Alpine:v3.12	ghostscript	8.70-r0, 8.71-r0, 8.71-r1
Alpine:v3.7	ghostscript	0, 9.24-r0, 9.22-r0
Alpine:v3.21	ghostscript	8.64-r0, 8.70-r0, 8.71-r0
Alpine:v3.20	ghostscript	0, 8.64-r0, 8.70-r0
Alpine:v3.9	ghostscript	9.24-r0, 8.64-r0, 8.70-r0
Alpine:v3.15	ghostscript	9.24-r0, 0, 8.64-r0
Alpine:v3.18	ghostscript	9.09-r0, 9.24-r0, 9.22-r0
Alpine:v3.5	ghostscript	8.70-r0, 8.71-r0, 8.71-r1
Alpine:v3.16	ghostscript	9.21-r0, 9.20-r1, 9.20-r0
Alpine:v3.10	ghostscript	0, 9.24-r0, 9.22-r0
Alpine:v3.11	ghostscript	9.24-r0, 0, 8.64-r0

Timeline

Sep 10, 2018 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-16802 advisory

Open in Interactive Console →