CVE-2018-16539
Description
Ghostscript before 9.24 allows disclosure of arbitrary files via crafted PostScript due to incorrect temp file access checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In Artifex Ghostscript before version 9.24, the PostScript interpreter's handling of temporary files contains an incorrect access check. An attacker who can supply a crafted PostScript file can leverage this flaw to read files on the system that would otherwise be inaccessible. [1][2]
Exploitation
An attacker must be able to provide a specially crafted PostScript file to a Ghostscript interpreter. No additional authentication or network position is required if the user processes the file. The exploit involves triggering the temp file handling code path with the malicious input, bypassing intended access restrictions.
Impact
Successful exploitation leads to disclosure of arbitrary file contents on the system, compromising confidentiality. The attacker gains read access to files that are not normally readable, potentially including sensitive data.
Mitigation
The vulnerability is fixed in Ghostscript version 9.24. Red Hat Enterprise Linux 7 shipped a patched version 9.07-31.el7_6.1 [1]. Ubuntu 18.04 LTS received package version 9.22~dfsg+1-0ubuntu1.2 [2]. Users should update to the latest patched version for their distribution. No workaround is provided.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 9.24
- osv-coords, 15 versions (no CPE for any entry):
  - pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed, range: < 9.54.0-2.2
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%204, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015, range: < 9.25-3.6.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3, range: < 9.25-23.13.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20OpenStack%20Cloud%207, range: < 9.25-23.13.1
  - pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015, range: < 0.2.8-3.2.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- access.redhat.com/errata/RHSA-2018:3650 (mitre, vendor-advisory, x_refsource_REDHAT)
- security.gentoo.org/glsa/201811-12 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3768-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2018/dsa-4288 (mitre, vendor-advisory, x_refsource_DEBIAN)
- git.ghostscript.com (mitre, x_refsource_MISC)
- bugs.ghostscript.com/show_bug.cgi (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2018/09/msg00015.html (mitre, mailing-list, x_refsource_MLIST)
- www.artifex.com/news/ghostscript-security-resolved/ (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.