CVE-2018-11645

Published: Jun 1, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.

Affected (1)

Products: Artifex: Ghostscript

Artifex

1 product

Ghostscript

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Up to 9.20

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b60d50b7567369ad856cebe1efb6cd7dd2284219

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2019:2281

Source: cve@mitre.org

https://bugs.ghostscript.com/show_bug.cgi?id=697193

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html

Source: cve@mitre.org

https://usn.ubuntu.com/3768-1/

Source: cve@mitre.org

https://www.debian.org/security/2018/dsa-4336

Source: cve@mitre.org

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b60d50b7567369ad856cebe1efb6cd7dd2284219