CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

high8.6CVSS 3.0

AVLACLPRNUIRSCCHIHAH

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

22 ranges

Vendor	Product	Version range	Fixed in
artifex	ghostscript	<= 9.25	—
artifex	ghostscript	>= 0 < 9.25~dfsg-3	9.25~dfsg-3
artifex	ghostscript	>= 0 < 9.25~dfsg-3	9.25~dfsg-3
artifex	ghostscript	>= 0 < 9.25~dfsg-3	9.25~dfsg-3
artifex	ghostscript	>= 0 < 9.25~dfsg-3	9.25~dfsg-3
artifex	gpl_ghostscript	< 9.26	9.26
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	ghostscript	< ghostscript 9.25~dfsg-3 (bookworm)	ghostscript 9.25~dfsg-3 (bookworm)
pulsesecure	pulse_connect_secure	>= 8.2r1.0 < 8.2r12.1	8.2r12.1
pulsesecure	pulse_connect_secure	>= 8.3r1 < 8.3r7.1	8.3r7.1
pulsesecure	pulse_connect_secure	>= 9.0r1 < 9.0r3.4	9.0r3.4
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_workstation	—	—

nvdv3.08.6HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

osv8.6HIGH