Artifex Software, Inc. Information for VU#332928

Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Ghostscript security vulnerabilities resolved

Novato, CA August 24, 2018 – Artifex Software is pleased to report that the recently
disclosed security vulnerabilities in Ghostscript have been resolved. On August 21,
2018, a Google Project Zero security researcher, disclosed Ghostscript
security vulnerabilities, a CERT advisory was released that day as well.

As of August 24, 2018, all reported problems have been fixed and will be part of the
next Ghostscript release in late September. Individual patches are available now in the
Ghostscript repository and are listed below. We recommend applying these security
fixes as soon as possible.;a=commitdiff;h=b575e1ec;a=commitdiff;h=8e9ce501;a=commitdiff;h=241d9111;a=commitdiff;h=c432131c;a=commitdiff;h=e01e77a3;a=commitdiff;h=e01e77a3;a=commitdiff;h=0edd3d6c;a=commitdiff;h=a054156d;a=commitdiff;h=0d390118;a=commitdiff;h=c3476dde;a=commitdiff;h=b326a716;a=commitdiff;h=78911a01;a=commitdiff;h=5516c614

Artifex takes security issues very seriously and strongly encourages responsible and
coordinated disclosure of vulnerabilities. Developers should be given the opportunity to
fix security problems in advance of public disclosure.

Vendor References


There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.