CVE-2018-17961

Published: Oct 15, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a5a9bf8c6a63

x_refsource_CONFIRM

[oss-security] 20181009 ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)

mailing-list

x_refsource_MLIST

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6807394bd94

x_refsource_CONFIRM

https://bugs.ghostscript.com/show_bug.cgi?id=699816

x_refsource_CONFIRM

RHSA-2018:3834

vendor-advisory

x_refsource_REDHAT

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a54c9e61e7d0

x_refsource_CONFIRM

USN-3803-1

vendor-advisory

x_refsource_UBUNTU

DSA-4336

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update

mailing-list

x_refsource_MLIST

45573

exploit

x_refsource_EXPLOIT-DB

https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-17961

Description

Affected Products

References