CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator...

CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator...

CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator...

CVE-2018-18284

Ghostscript 9.25 and earlier is affected by CVE-2018-18284, where the sandbox protection can be bypassed via vectors involving the 1Policy operator. Affected component: Ghostscript interpreter; root cause: sandbox bypass in policy handling. Impact: sandbox escape via crafted PostScript; in the Ar...

MGASA-2018-0408 Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. CVE-2018-17961 Saved execution stacks can leak operator arrays. CVE-2018-18073 1Policy operator gives access to .forceput. CVE-2018-18284...

Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. CVE-2018-17961 Saved execution stacks can leak operator arrays. CVE-2018-18073 1Policy operator gives access to .forceput. CVE-2018-18284...

CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator...

UBUNTU-CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator...

SUSE-SU-2018:2975-2 Security update for ghostscript

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...

Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20181016)

Security Fixes : - It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the - -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. CVE-2018-16509 ...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c

The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impac...

ghostscript: LockDistillerParams type confusion (699656)

It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document...

ghostscript: /invalidaccess bypass after failed restore (699654)

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document...

Artifex Ghostscript Security Bypass Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security bypass...

CentOS Update for ghostscript CESA-2018:2918 centos7

Check the version of ghostscript SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882962";...

RHEL 7 : ghostscript (RHSA-2018:2918)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CentOS 7 : ghostscript (CESA-2018:2918)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Oracle Linux 7 : ghostscript (ELSA-2018-2918)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-2918 advisory. - Added security fixes for: - CVE-2018-16509 bug 1621156 - CVE-2018-15910 bug 1621157 - CVE-2018-16542 bug 1621380 Tenable has extracted the preceding...

ghostscript security update

CentOS Errata and Security Advisory CESA-2018:2918 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...