CVE-2019-6116 log

Source
Severity High
Remote Yes
Type Sandbox escape
Description
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.
Group Package Affected Fixed Severity Status Ticket
AVG-860 ghostscript 9.26-1 9.26-2 High Fixed
Date Advisory Group Package Severity Description
29 Jan 2019 ASA-201901-18 AVG-860 ghostscript High sandbox escape
References
https://marc.info/?l=oss-security&m=154825433813390
https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2
https://bugs.ghostscript.com/show_bug.cgi?id=700317
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9