CVE-2018-11645

Impact:
Low
Public Date:
2016-10-05
CWE:
CWE-200
Bugzilla:
1585914: CVE-2018-11645 ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files
Ghostscript did not honor the -dSAFER option when executing the "status" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted PostScript document could use this flaw to gain information on the targeted system's filesystem content.

Find out more about CVE-2018-11645 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 5.3
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity Impact: None
Availability Impact: None

Affected Packages State

Platform                      Package      State
Red Hat Enterprise Linux 8    ghostscript  Not affected
Red Hat Enterprise Linux 7    ghostscript  Will not fix
Red Hat Enterprise Linux 6    ghostscript  Will not fix
Red Hat Enterprise Linux 5    ghostscript  Will not fix