CVE-2018-16539
Published: 5 September 2018
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
Priority
CVSS 3 base score: 5.5
Status
Package | Release | Status |
---|---|---|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Released
(9.22~dfsg+1-0ubuntu1.2)
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was released [9.10~dfsg-0ubuntu10.13])
|
|
upstream |
Released
(9.22~dfsg-3)
|
|
xenial |
Released
(9.18~dfsg~0-0ubuntu2.9)
|
Notes
Author | Note |
---|---|
mdeslaur | second commit fixes regression |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16539
- https://www.artifex.com/news/ghostscript-security-resolved/
- https://ubuntu.com/security/notices/USN-3768-1
- NVD
- Launchpad
- Debian