CVE-2019-3838

Published: 25/03/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

It was found that the forceput operator could be extracted from the DefineResource method in Ghostscript prior to 9.27. A specially crafted PostScript file could use this flaw to, for example, gain access to the file system outside of the constraints imposed by -dSAFER.

Vulnerable Product

artifex ghostscript

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux 6.0

redhat enterprise linux server 7.0

redhat enterprise linux 5.0

redhat enterprise linux server tus 7.6

redhat enterprise linux server eus 7.6

redhat enterprise linux server aus 7.6

redhat ansible tower 3.3

fedoraproject fedora 28

fedoraproject fedora 29

fedoraproject fedora 30

opensuse leap 42.3

opensuse leap 15.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Several security issues were fixed in Ghostscript ...
Debian Bug report logs - #925256 ghostscript: CVE-2019-3835: superexec operator is available. Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 21 Mar 2019 21:06:02 UTC; Severity: grave Ta ...
Debian Bug report logs - #925257 ghostscript: CVE-2019-3838: forceput in DefineResource is still accessible. Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 21 Mar 2019 21:06:05 UTC; Sev ...
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox. For the stable distribution (stretch), these problems have been fixed in version 9.26a~dfsg-0+deb9u2. We recommend that you upgrade your ghostscript packages. For the deta ...
Synopsis: Important: ghostscript security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: ghostscript security update. Type/Severity: Security Advisory: Important. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Moderate: Red Hat Ansible Tower 3.3.5. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 3.3.5. Description: For a list of changes included in this release, please read the Ansible Tower Release Notes: docs.ansible.com/ansible-tower/latest/html/release-note ...
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (CVE-2018-17183). Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involv ...
Impact: Important Public Date: 2019-03-21 CWE: CWE-648 Bugzilla: 1677581: CVE-2019-3838 ghostscript: fo ...
It was found that the forceput operator could be extracted from the DefineResource method using methods similar to the ones described in CVE-2019-6116. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER ...