CVE-2018-18073

Published: Oct 15, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html

x_refsource_MISC

https://bugs.ghostscript.com/show_bug.cgi?id=699927

x_refsource_CONFIRM

RHSA-2018:3834

vendor-advisory

x_refsource_REDHAT

USN-3803-1

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20181010 ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073)

mailing-list

x_refsource_MLIST

DSA-4336

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update

mailing-list

x_refsource_MLIST

https://bugs.chromium.org/p/project-zero/issues/detail?id=1690

x_refsource_MISC

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-18073

Description

Affected Products

References