In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
References
Link | Resource |
---|---|
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=a054156d425b4dbdaaa9fda4b5f1182b27598c2b | |
https://access.redhat.com/errata/RHSA-2018:3650 | Third Party Advisory |
https://bugs.ghostscript.com/show_bug.cgi?id=699658 | Issue Tracking Permissions Required Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/201811-12 | Third Party Advisory |
https://usn.ubuntu.com/3768-1/ | Third Party Advisory |
https://www.artifex.com/news/ghostscript-security-resolved/ | Patch Vendor Advisory |
https://www.debian.org/security/2018/dsa-4288 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 02:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-09-05 18:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-16539
Mitre link : CVE-2018-16539
CVE.ORG link : CVE-2018-16539
JSON object : View
Products Affected
artifex
- ghostscript
redhat
- enterprise_linux_server_eus
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_server_tus
- enterprise_linux_workstation
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor