CVE-2018-16539
Published: 5 September 2018
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
Notes
Author | Note |
---|---|
mdeslaur | second commit fixes regression |
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript Launchpad, Ubuntu, Debian |
upstream |
Released
(9.22~dfsg-3)
|
xenial |
Released
(9.18~dfsg~0-0ubuntu2.9)
|
|
bionic |
Released
(9.22~dfsg+1-0ubuntu1.2)
|
|
trusty |
Released
(9.10~dfsg-0ubuntu10.13)
|
|
Patches: upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |