Published: 01/06/2018 Updated: 11/11/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

psi/zfile.c in Artifex Ghostscript prior to 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.

Vendor Advisories

Synopsis: Low: ghostscript security, bug fix, and enhancement update. Type/Severity: Security Advisory: Low. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (C ...
Debian Bug report logs - #907332: ghostscript has a new code execution issue, even when used with -dSAFER. Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript. Reported by: Nicolas Braud-Santoni <nicoo@deb ...
Debian Bug report logs - #911175: ghostscript: CVE-2018-18284: 1Policy operator gives access to .forceput. Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Tue, 16 Oct 2018 19:09:02 UTC. Severi ...
Several security issues were fixed in Ghostscript ...
It was discovered that the ghostscript shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. (CVE-2018-15909) An issue was discovered in Artif ...

Mailing Lists

Debian Security Advisory DSA-4336-1, security@debian.org, www.debian.org/security/, Salvatore Bonaccorso, November 10, 2018, www.debian.org/security/faq ...