CVE-2018-11645

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.

References

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b60d50b7567369ad856cebe1efb6cd7dd2284219

https://access.redhat.com/errata/RHSA-2019:2281

https://bugs.ghostscript.com/show_bug.cgi?id=697193

https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html

https://usn.ubuntu.com/3768-1/

https://www.debian.org/security/2018/dsa-4336

Details

Source: MITRE

Published: 2018-06-01

Updated: 2018-11-11

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* versions up to 9.20 (inclusive)

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
149171EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2021-1788)NessusHuawei Local Security Checks
high
135661EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2020-1499)NessusHuawei Local Security Checks
critical
134529EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2020-1240)NessusHuawei Local Security Checks
critical
132453NewStart CGSL CORE 5.05 / MAIN 5.05 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0250)NessusNewStart CGSL Local Security Checks
critical
130860EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2151)NessusHuawei Local Security Checks
critical
129908NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0203)NessusNewStart CGSL Local Security Checks
critical
128382CentOS 7 : ghostscript (CESA-2019:2281)NessusCentOS Local Security Checks
medium
128219Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
medium
127704RHEL 7 : ghostscript (RHSA-2019:2281)NessusRed Hat Local Security Checks
medium
118893Debian DSA-4336-1 : ghostscript - security updateNessusDebian Local Security Checks
high
118043Amazon Linux 2 : ghostscript (ALAS-2018-1088)NessusAmazon Linux Local Security Checks
high
117595Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript vulnerabilities (USN-3768-1)NessusUbuntu Local Security Checks
high
117487Debian DLA-1504-1 : ghostscript security updateNessusDebian Local Security Checks
high