SB2019052335 - Information disclosure in Ghostscript
Published: May 23, 2019 Updated: August 8, 2020
Security Bulletin ID
SB2019052335
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2017-15652)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.
Remediation
Install update from vendor's website.