Описание
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ghostscript | fixed | 9.25~dfsg-1~exp1 | experimental | package |
| ghostscript | fixed | 9.25~dfsg-1 | package |
Примечания
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764
https://bugs.ghostscript.com/show_bug.cgi?id=699654
Partially fixed in 9.22~dfsg-3, see #907703
Связанные уязвимости
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
