CVE-2018-18284

Name
CVE-2018-18284
Description
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=699963
Issue Tracking https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
Exploit http://www.openwall.com/lists/oss-security/2018/10/16/2
Patch http://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b
Mailing List https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html
Third Party Advisory https://usn.ubuntu.com/3803-1/
Third Party Advisory https://www.debian.org/security/2018/dsa-4336
Mitigation https://security.gentoo.org/glsa/201811-12
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3834
Patch https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
VDB Entry http://www.securityfocus.com/bid/107451
CONFIRM https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* ghostscript >= None <= 9.25

Vulnerable and fixed packages

Source package Branch Version Maintainer Status