ghostscript

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An interpreter for the PostScript language
Version 9.55.0-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2374 9.54.0-2 9.54.0-3 High Fixed
AVG-1069 9.27-2 9.50-1 High Fixed
AVG-1031 9.27-2 9.50-1 High Fixed
AVG-929 9.26-2 9.27-1 High Fixed FS#62102
AVG-860 9.26-1 9.26-2 High Fixed
AVG-786 9.25-3 9.25-4 High Fixed
AVG-256 9.21-1 9.21-2 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-3781 AVG-2374 High Yes Arbitrary command execution
A trivial sandbox (enabled with the -dSAFER option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe...
CVE-2019-14869 AVG-1069 High No Sandbox escape
A way to escape the -dSAFER sandbox has been found in ghostscript before 9.50. The issue was still present in 9.50 but is mitigated by the recent -dSAFER rework.
CVE-2019-14817 AVG-1031 High No Sandbox escape
Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures.
CVE-2019-14813 AVG-1031 High No Sandbox escape
Safer Mode Bypass by .forceput Exposure in setsystemparams
CVE-2019-14812 AVG-1031 High No Sandbox escape
Safer Mode Bypass by .forceput Exposure in setuserparams
CVE-2019-14811 AVG-1031 High No Sandbox escape
Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator.
CVE-2019-6116 AVG-860 High Yes Sandbox escape
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript...
CVE-2019-3838 AVG-929 High Yes Sandbox escape
It was found that the forceput operator could be extracted from the DefineResource method using methods similar to the ones described in CVE-2019-6116. A...
CVE-2019-3835 AVG-929 High Yes Sandbox escape
It was found that the superexec operator was available in the internal dictionary.  A specially crafted PostScript file could use this flaw in order to, for...
CVE-2018-18284 AVG-786 High Yes Sandbox escape
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVE-2018-18073 AVG-786 High Yes Sandbox escape
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an...
CVE-2018-17961 AVG-786 High Yes Sandbox escape
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup.
CVE-2017-8291 AVG-256 High Yes Arbitrary command execution
It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially...

Advisories

Date Advisory Group Severity Type
14 Sep 2021 ASA-202109-3 AVG-2374 High arbitrary command execution
03 Nov 2019 ASA-201911-5 AVG-1031 High sandbox escape
11 Apr 2019 ASA-201904-5 AVG-929 High sandbox escape
29 Jan 2019 ASA-201901-18 AVG-860 High sandbox escape
06 Nov 2018 ASA-201811-3 AVG-786 High sandbox escape
07 May 2017 ASA-201705-3 AVG-256 High arbitrary command execution