{"id":"CVE-2018-11645","details":"psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.","modified":"2026-04-02T00:38:37.437099Z","published":"2018-06-01T12:29:00.223Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"},{"type":"WEB","url":"https://usn.ubuntu.com/3768-1/"},{"type":"WEB","url":"http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b60d50b7567369ad856cebe1efb6cd7dd2284219"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4336"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2281"},{"type":"FIX","url":"https://bugs.ghostscript.com/show_bug.cgi?id=697193"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/artifexsoftware/ghostpdl-downloads","events":[{"introduced":"0"},{"fixed":"5d184118416aec2b83c0c6507e494e89859903a0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"9.21rc1"}]}}],"versions":["gs918","gs919","gs920rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11645.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.20"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}