An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1627960]
This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5 and 6.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3834 https://access.redhat.com/errata/RHSA-2018:3834
Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509