AVG-929 log
| Package | ghostscript |
| Status | Fixed |
| Severity | High |
| Type | sandbox escape |
| Affected | 9.26-2 |
| Fixed | 9.27-1 |
| Current | 10.03.0-2 [extra] |
| Ticket | FS#62102 |
| Created | Thu Mar 21 16:18:18 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-3838 | High | Yes | Sandbox escape | It was found that the forceput operator could be extracted from the DefineResource method using methods similar to the ones described in CVE-2019-6116. A... |
| CVE-2019-3835 | High | Yes | Sandbox escape | It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 11 Apr 2019 | ASA-201904-5 | ghostscript | sandbox escape |