CVE-2018-16539 — Sensitive Information Exposure in Ghostscript

CWE-200 — Sensitive Information Exposure CWE-377 — Insecure Temporary File9 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 42.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Canonical Ubuntu Linux Debian Linux +6 more

Timeline

PublishedSep 5

Latest updateMay 14

Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDartifex/ghostscript< 9.24

▶Debianartifex/ghostscript< 9.22~dfsg-3+3

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.6

Patches

Patch: www.artifex.com ↗Patch: www.artifex.com ↗

🔴Vulnerability Details

GHSA

GHSA-prv5-j87r-4g4g: In Artifex Ghostscript before 9↗2022-05-14

▶

CVEList

CVE-2018-16539: In Artifex Ghostscript before 9↗2018-09-05

▶

OSV

CVE-2018-16539: In Artifex Ghostscript before 9↗2018-09-05

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2018-09-19

▶

Red Hat

ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658)↗2018-09-06

▶

Debian

CVE-2018-16539: ghostscript - In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript ...↗2018

▶

💬Community

Bugzilla

CVE-2018-16539 ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658) [fedora-all]↗2018-09-06

▶

Bugzilla

CVE-2018-16539 ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658)↗2018-09-06

▶