Artifex: >> Ghostscript >> 9.26 Security Vulnerabilities
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVSS Score
7.3
EPSS Score
0.014
Published
2019-03-25
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVSS Score
7.8
EPSS Score
0.646
Published
2019-03-21
Page 7