CVE-2018-16539

Sažetak

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

Reference

https://www.artifex.com/news/ghostscript-security-resolved/
https://bugs.ghostscript.com/show_bug.cgi?id=699658
https://www.debian.org/security/2018/dsa-4288
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
https://usn.ubuntu.com/3768-1/
https://security.gentoo.org/glsa/201811-12
https://access.redhat.com/errata/RHSA-2018:3650
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=a054156d425b4dbdaaa9fda4b5f1182b27598c2b

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:53

Objavljeno

05-09-2018 - 18:29