AVG-929

Package ghostscript
Status Fixed
Severity High
Type sandbox escape
Affected 9.26-2
Fixed 9.27-1
Current 9.27-2 [extra]
Ticket FS#62102
Created Thu Mar 21 16:18:18 2019
Issue Severity Remote Type Description
CVE-2019-3838 High Yes Sandbox escape
It was found that the forceput operator could be extracted from the DefineResource method using methods similar to the ones described in CVE-2019-6116. A...
CVE-2019-3835 High Yes Sandbox escape
It was found that the superexec operator was available in the internal dictionary.  A specially crafted PostScript file could use this flaw in order to, for...
Date Advisory Package Description
11 Apr 2019 ASA-201904-5 ghostscript sandbox escape