CVE-2019-3839

Published: 16/05/2019 | Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was found that in Ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw to, for example, access the file system outside of the constraints imposed by -dSAFER. Ghostscript versions prior to 9.27 are vulnerable.

Vulnerable Product

artifex ghostscript

debian debian linux 8.0

debian debian linux 9.0

opensuse leap 15.0

opensuse leap 15.1

fedoraproject fedora 29

fedoraproject fedora 30

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 19.04

redhat enterprise linux 6.0

redhat enterprise linux 5.0

Vendor Advisories

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file ...
Synopsis: Important: ghostscript security update. Type/Severity: Security Advisory: Important. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: ghostscript security update. Type/Severity: Security Advisory: Important. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). For the stable distribution (stretch), this problem has been fixed in version 9.26a~dfsg-0+deb9u3. We rec ...
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (CVE-2018-17183). Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involv ...
Impact: Important | Public Date: 2019-05-02 | CWE: CWE-648 | Bugzilla: 1673304: CVE-2019-3839 ghostscript: mi ...