[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-16539Date: (C)2018-09-10   (M)2024-04-19


In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.5CVSS Score : 4.3
Exploit Score: 1.8Exploit Score: 8.6
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
DSA-4288
GLSA-201811-12
RHSA-2018:3650
USN-3768-1
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
https://bugs.ghostscript.com/show_bug.cgi?id=699658
https://www.artifex.com/news/ghostscript-security-resolved/

CPE    8
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:redhat:enterprise_linux_server:7.0
...
CWE    1
CWE-200
OVAL    14
oval:org.secpod.oval:def:89002514
oval:org.secpod.oval:def:115078
oval:org.secpod.oval:def:603507
oval:org.secpod.oval:def:53411
...

© SecPod Technologies