rpm package
suse/ghostscript&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18284 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 19, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | ||
| CVE-2018-18073 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 15, 2018 | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | ||
| CVE-2018-17961 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 15, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | ||
| CVE-2018-17183 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Sep 19, 2018 | Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. |
- CVE-2018-18284Oct 19, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
- CVE-2018-18073Oct 15, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
- CVE-2018-17961Oct 15, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
- CVE-2018-17183Sep 19, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
Page 2 of 2