CVE-2018-19409 – ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c
https://notcve.org/view.php?id=CVE-2018-19409
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Se ha descubierto un problema en versiones anteriores a la 9.26 de Artifex Ghostscript. LockSafetyParams no se comprueba correctamente si se emplea otro dispositivo. • http://www.securityfocus.com/bid/105990 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=700176 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3831-1 https://www.debian.org/security/2018/dsa-4346 https://www.ghostscript.com/doc/9.26/History9.htm#Version9 • CWE-391: Unchecked Error Condition •
CVE-2018-18284 – ghostscript: 1Policy operator allows a sandbox protection bypass
https://notcve.org/view.php?id=CVE-2018-18284
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con el operador 1Policy. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b http://www.openwall.com/lists/oss-security/2018/10/16/2 http://www.securityfocus.com/bid/107451 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 https://bugs.ghostscript.com/show_bug.cgi?id=699963 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https: •
CVE-2018-17961 – ghostscript - executeonly Bypass with errorhandler Setup
https://notcve.org/view.php?id=CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Artifex Ghostscript 9.25 y anteriores permite que los atacantes omitan un mecanismo de protección de sandbox mediante vectores relacionados con la configuración de errorhandler. NOTA: este problema existe debido a una solución incompleta para CVE-2018-17183. Ghostscript suffers from an executeonly bypass with errorhandler setup. • https://www.exploit-db.com/exploits/45573 https://github.com/matlink/CVE-2018-17961 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a54c9e61e7d0 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a5a9bf8c6a63 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6807394bd94 http://www.openwall.com/lists/oss-security/2018/10/09/4 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc& • CWE-209: Generation of Error Message Containing Sensitive Information CWE-460: Improper Cleanup on Thrown Exception •
CVE-2018-18073 – ghostscript: Saved execution stacks can leak operator arrays
https://notcve.org/view.php?id=CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Artifex Ghostscript permite que los atacantes omitan un mecanismo de protección de sandbox aprovechando la exposición de los operadores del sistema en la pila de ejecución guardada en un objeto error. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html http://www.openwall.com/lists/oss-security/2018/10/10/12 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.chromium.org/p/project-zero/issues/detail?id=1690 https://bugs.ghostscript.com/show_bug.cgi?id=699927 https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html https://usn.ubuntu.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-460: Improper Cleanup on Thrown Exception •
CVE-2018-17183 – ghostscript: User-writable error exception table
https://notcve.org/view.php?id=CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. Artifex Ghostscript en versiones anteriores a la 9.25 permitía una tabla de excepción de error que puede escribir el usuario. Esta tabla podía ser usada por los atacantes remotos capaces de proporcionar PostScript manipulados para poder sobrescribir o reemplazar manipuladores de errores para inyectar código. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=fb713b3818b52d8a6cf62c951eba2e1795ff9624 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699708 https://lists.debian.org/debian-lts-announce/2018/09/msg00038.html https://usn.ubuntu.com/3773-1 https://access.redhat.com/security/cve/CVE-2018-17183 https://bugzilla.redhat.com/show_bug.cgi?id=1632471 • CWE-460: Improper Cleanup on Thrown Exception •