ghostscript

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An interpreter for the PostScript language
Version 9.26-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-786 9.25-3 9.25-4 High Fixed
AVG-256 9.21-1 9.21-2 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-18284 AVG-786 High Yes Sandbox escape
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVE-2018-18073 AVG-786 High Yes Sandbox escape
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an...
CVE-2018-17961 AVG-786 High Yes Sandbox escape
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup.
CVE-2017-8291 AVG-256 High Yes Arbitrary command execution
It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially...

Advisories

Date Advisory Group Severity Description
06 Nov 2018 ASA-201811-3 AVG-786 High sandbox escape
07 May 2017 ASA-201705-3 AVG-256 High arbitrary command execution