Errata overview
Errata ID 362
Date 2018-12-05
Source package ghostscript
Fixed in version 9.26~dfsg-0+deb9u1
Description
This update addresses the following issues:
* Improperly implemented security check in zsetdevice function in
  psi/zdevice.c (CVE-2018-19409)
* psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers
  to bypass intended access restrictions because available stack space is not
  checked when the device remains the same. (CVE-2018-19475)
* psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to
  bypass intended access restrictions because of a setcolorspace type
  confusion. (CVE-2018-19476)
* psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to
  bypass intended access restrictions because of a JBIG2Decode type
  confusion. (CVE-2018-19477)
Additional notes
CVE ID CVE-2018-19409
CVE-2018-19475
CVE-2018-19476
CVE-2018-19477
UCS Bug number #48238