CVE-2018-11645

Published: Jun 1, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-3768-1

vendor-advisory

x_refsource_UBUNTU

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b60d50b7567369ad856cebe1efb6cd7dd2284219

x_refsource_MISC

https://bugs.ghostscript.com/show_bug.cgi?id=697193

x_refsource_MISC

DSA-4336

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update

mailing-list

x_refsource_MLIST

RHSA-2019:2281

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-11645

Description

Affected Products

References