Artifex Ghostscript is vulnerable to authorization bypass vulnerability. This is because the LockSafetyParams is not checked correctly if another device is used. An attacker could use this flaw to bypass certain security restrictions and perform unauthorized actions.
CPE | Name | Operator | Version |
---|---|---|---|
ghostscript | eq | 9.07__20.el7_3.1 | |
ghostscript | eq | 9.07__29.el7_5.2 | |
ghostscript | eq | 9.07__28.el7_4.2 | |
ghostscript:stretch | eq | 9.26a~dfsg-0+deb9u6 |
www.securityfocus.com/bid/105990
access.redhat.com/errata/RHSA-2018:3834
access.redhat.com/security/updates/classification/#important
bugs.ghostscript.com/show_bug.cgi?id=700176
bugzilla.redhat.com/show_bug.cgi?id=1657822
git.ghostscript.com/?p=ghostpdl.git;a=commit;h=661e8d8fb8248c38d67958beda32f3a5876d0c3f
lists.debian.org/debian-lts-announce/2018/11/msg00036.html
security.gentoo.org/glsa/201811-12
usn.ubuntu.com/3831-1/
www.debian.org/security/2018/dsa-4346
www.ghostscript.com/doc/9.26/History9.htm#Version9.26