{"api_version":"1","generated_at":"2026-04-22T17:45:57+00:00","cve":"CVE-2018-16510","urls":{"html":"https://cve.report/CVE-2018-16510","api":"https://cve.report/api/cve/CVE-2018-16510.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-16510","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-16510"},"summary":{"title":"CVE-2018-16510","description":"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the \"CS\" and \"SC\" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-09-05 06:29:00","updated_at":"2023-11-07 02:53:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9","name":"http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9","refsource":"MISC","tags":["Third Party Advisory"],"title":"git.ghostscript.com Git - ghostpdl.git/commit","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3768-1/","name":"USN-3768-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3768-1: Ghostscript vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2018/08/27/4","name":"http://openwall.com/lists/oss-security/2018/08/27/4","refsource":"MISC","tags":["Issue Tracking","Mailing List","Patch","Third Party Advisory"],"title":"oss-security - Re: Re: More Ghostscript Issues: Should we disable PS\n coders in policy.xml by default?","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=699671","name":"https://bugs.ghostscript.com/show_bug.cgi?id=699671","refsource":"MISC","tags":["Issue Tracking","Permissions Required"],"title":"699671 – handling /undefined results in SEGV","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3773-1/","name":"USN-3773-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3773-1: Ghostscript vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201811-12","name":"GLSA-201811-12","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"GPL Ghostscript: Multiple vulnerabilities (GLSA 201811-12) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ea735ba37dc0fd5f5622d031830b9a559dec1cc9","name":"http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ea735ba37dc0fd5f5622d031830b9a559dec1cc9","refsource":"","tags":[],"title":"git.ghostscript.com Git - ghostpdl.git/commit","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-16510","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16510","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"artifex","cpe5":"ghostscript","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"artifex","cpe5":"ghostscript","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"artifex","cpe5":"gpl_ghostscript","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"artifex","cpe5":"gpl_ghostscript","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16510","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-16510","qid":"710304","title":"Gentoo Linux GPL Ghostscript Multiple Vulnerabilities (GLSA 201811-12)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-16510","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the \"CS\" and \"SC\" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://openwall.com/lists/oss-security/2018/08/27/4","refsource":"MISC","url":"http://openwall.com/lists/oss-security/2018/08/27/4"},{"name":"GLSA-201811-12","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201811-12"},{"name":"USN-3768-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3768-1/"},{"name":"http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9","refsource":"MISC","url":"http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9"},{"name":"USN-3773-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3773-1/"},{"name":"https://bugs.ghostscript.com/show_bug.cgi?id=699671","refsource":"MISC","url":"https://bugs.ghostscript.com/show_bug.cgi?id=699671"}]}},"nvd":{"publishedDate":"2018-09-05 06:29:00","lastModifiedDate":"2023-11-07 02:53:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*","versionEndExcluding":"9.24","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*","versionEndExcluding":"9.26","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"16510","Ordinal":"133301","Title":"CVE-2018-16510","CVE":"CVE-2018-16510","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"16510","Ordinal":"1","NoteData":"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the \"CS\" and \"SC\" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"16510","Ordinal":"2","NoteData":"2018-09-05","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"16510","Ordinal":"3","NoteData":"2018-11-25","Type":"Other","Title":"Modified"}]}}}