AVG-786

Package ghostscript
Status Fixed
Severity High
Type sandbox escape
Affected 9.25-3
Fixed 9.25-4
Current 9.26-2 [extra]
Ticket None
Created Mon Oct 22 16:05:24 2018
Issue Severity Remote Type Description
CVE-2018-18284 High Yes Sandbox escape
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVE-2018-18073 High Yes Sandbox escape
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an...
CVE-2018-17961 High Yes Sandbox escape
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup.
Date Advisory Package Description
06 Nov 2018 ASA-201811-3 ghostscript sandbox escape