vulnerability

Oracle Linux: CVE-2018-16539: ELSA-2018-3650: ghostscript security update (IMPORTANT) (Multiple Advisories)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 6, 2018
Added
Jul 21, 2020
Modified
Nov 29, 2024

Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could possibly exploit this to bypass the -dSAFER protection and disclose the content of affected files via a specially crafted PostScript document.

Solution(s)

oracle-linux-upgrade-ghostscriptoracle-linux-upgrade-ghostscript-cupsoracle-linux-upgrade-ghostscript-develoracle-linux-upgrade-ghostscript-docoracle-linux-upgrade-ghostscript-gtk
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.