News / Press

Ghostscript security vulnerabilities resolved

By Lisa Fenn - Friday, August 24, 2018

Ghostscript security vulnerabilities resolved

Novato, CA August 24, 2018 – Artifex Software is pleased to report that the recently disclosed security vulnerabilities in Ghostscript have been resolved. On August 21, 2018, a Google Project Zero security researcher, disclosed Ghostscript security vulnerabilities, a CERT advisory was released that day as well.

As of August 24, 2018, all reported problems have been fixed and will be part of the next Ghostscript release in late September. Individual patches are available now in the Ghostscript repository and are listed below. We recommend applying these security fixes as soon as possible.

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614

Artifex takes security issues very seriously and strongly encourages responsible and coordinated disclosure of vulnerabilities. Developers should be given the opportunity to fix security problems in advance of public disclosure.