CVE-2019-3838 log

Source
Severity High
Remote Yes
Type Sandbox escape
Description
It was found that the forceput operator could be extracted from the DefineResource method using methods similar to the ones described in CVE-2019-6116. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Group Package Affected Fixed Severity Status Ticket
AVG-929 ghostscript 9.26-2 9.27-1 High Fixed FS#62102
Date Advisory Group Package Severity Description
11 Apr 2019 ASA-201904-5 AVG-929 ghostscript High sandbox escape
References
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd95bb01
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e8f95a