psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
Max CVSS
5.3
EPSS Score
0.60%
Published
2018-06-01
Updated
2018-11-11
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
Max CVSS
8.6
EPSS Score
0.20%
Published
2018-10-15
Updated
2019-10-03
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
Max CVSS
6.3
EPSS Score
0.21%
Published
2018-10-15
Updated
2020-10-22
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
Max CVSS
8.6
EPSS Score
0.12%
Published
2018-10-19
Updated
2019-11-05
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!