cve/2018/CVE-2018-16509.md

### [CVE-2018-16509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16509)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

### POC

#### Reference
- http://seclists.org/oss-sec/2018/q3/142
- https://www.exploit-db.com/exploits/45369/

#### Github
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xT11/CVE-POC
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AssassinUKG/CVE_2018_16509
- https://github.com/Ly0nt4r/OSCP
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/barrracud4/image-upload-exploits
- https://github.com/cved-sources/cve-2018-16509
- https://github.com/e-hakson/OSCP
- https://github.com/eljosep/OSCP-Guide
- https://github.com/exfilt/CheatSheet
- https://github.com/farisv/PIL-RCE-Ghostscript-CVE-2018-16509
- https://github.com/itsmiki/hackthebox-web-challenge-payloads
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/knqyf263/CVE-2018-16509
- https://github.com/lnick2023/nicenice
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/oscpname/OSCP_cheat
- https://github.com/parth45/cheatsheet
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/revanmalang/OSCP
- https://github.com/rhpco/CVE-2018-16509
- https://github.com/shelld3v/RCE-python-oneliner-payload
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/txuswashere/OSCP
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xhref/OSCP
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-16509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16509)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.`

			`### POC`

			`#### Reference`
			`- http://seclists.org/oss-sec/2018/q3/142`
			`- https://www.exploit-db.com/exploits/45369/`

			`#### Github`
			`- https://github.com/0xStrygwyr/OSCP-Guide`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/0xZipp0/OSCP`
			`- https://github.com/0xsyr0/OSCP`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/AssassinUKG/CVE_2018_16509`
			`- https://github.com/Ly0nt4r/OSCP`
			`- https://github.com/NCSU-DANCE-Research-Group/CDL`
Update CVE sources 2024-08-05 18:41 2024-08-05 18:41:32 +00:00			`- https://github.com/SenukDias/OSCP_cheat`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/SexyBeast233/SecBooks`
			`- https://github.com/SirElmard/ethical_hacking`
			`- https://github.com/Threekiii/Awesome-Exploit`
			`- https://github.com/Threekiii/Awesome-POC`
			`- https://github.com/Threekiii/Vulhub-Reproduce`
			`- https://github.com/bakery312/Vulhub-Reproduce`
			`- https://github.com/barrracud4/image-upload-exploits`
			`- https://github.com/cved-sources/cve-2018-16509`
			`- https://github.com/e-hakson/OSCP`
			`- https://github.com/eljosep/OSCP-Guide`
Update CVE sources 2024-08-22 18:33 2024-08-22 18:33:16 +00:00			`- https://github.com/exfilt/CheatSheet`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/farisv/PIL-RCE-Ghostscript-CVE-2018-16509`
			`- https://github.com/itsmiki/hackthebox-web-challenge-payloads`
			`- https://github.com/kgwanjala/oscp-cheatsheet`
			`- https://github.com/knqyf263/CVE-2018-16509`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/nitishbadole/oscp-note-3`
			`- https://github.com/oscpname/OSCP_cheat`
Update CVE sources 2024-08-22 18:33 2024-08-22 18:33:16 +00:00			`- https://github.com/parth45/cheatsheet`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/revanmalang/OSCP`
			`- https://github.com/rhpco/CVE-2018-16509`
			`- https://github.com/shelld3v/RCE-python-oneliner-payload`
			`- https://github.com/superlink996/chunqiuyunjingbachang`
			`- https://github.com/txuswashere/OSCP`
			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`
			`- https://github.com/xhref/OSCP`