Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2018-11645

Published: 01/06/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Ghostscript

Vulnerability Summary

psi/zfile.c in Artifex Ghostscript prior to 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote malicious users to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.

Vulnerable Product Search on Vulmon Subscribe to Product

artifex ghostscript

Vendor Advisories

Red Hat: Low: ghostscript security, bug fix, and enhancement update
Synopsis Low: ghostscript security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for ghostscript is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (C ...
Ubuntu Security Notice: ghostscript vulnerabilities
Several security issues were fixed in Ghostscript ...
Debian CVElist Bug Report Logs: ghostscript has a new code execution issue, even when used with -dSAFER
Debian Bug report logs - #907332 ghostscript has a new code execution issue, even when used with -dSAFER Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported by: Nicolas Braud-Santoni <nicoo@deb ...
Debian CVElist Bug Report Logs: ghostscript: CVE-2018-18284: 1Policy operator gives access to .forceput
Debian Bug report logs - #911175 ghostscript: CVE-2018-18284: 1Policy operator gives access to forceput Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 16 Oct 2018 19:09:02 UTC Severi ...
Amazon Linux 2: ALAS2-2018-1088
It was discovered that the ghostscript shfill operator did not properly validate certain types An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document(CVE-2018-15909) An issue was discovered in Artife ...

References

CWE-200https://bugs.ghostscript.com/show_bug.cgi?id=697193https://lists.debian.org/debian-lts-announce/2018/09/msg00015.htmlhttps://usn.ubuntu.com/3768-1/https://www.debian.org/security/2018/dsa-4336https://access.redhat.com/errata/RHSA-2019:2281http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b60d50b7567369ad856cebe1efb6cd7dd2284219https://access.redhat.com/errata/RHSA-2019:2281https://usn.ubuntu.com/3768-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook