CVE-2019-3838 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Sandbox escape
Description	It was found that the forceput operator could be extracted from the DefineResource method using methods similar to the ones described in CVE-2019-6116. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-929	ghostscript	9.26-2	9.27-1	High	Fixed	FS#62102

Date	Advisory	Group	Package	Severity	Type
11 Apr 2019	ASA-201904-5	AVG-929	ghostscript	High	sandbox escape

References
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd95bb01 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e8f95a