Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-3835

Опубликовано: 25 мар. 2019
Источник: debian
EPSS Низкий

Описание

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ghostscriptfixed9.27~~dc1~dfsg-1experimentalpackage
ghostscriptfixed9.27~dfsg-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2019/03/21/1

  • https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=205591753126802da850ada6511a0ff8411aa287

  • https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e6450d74619e6277efeebfc222d9a5cb91 (needed dependency)

  • https://bugs.ghostscript.com/show_bug.cgi?id=700585

EPSS

Процентиль: 82%
0.01702
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-3835

CVSS3: 5.5
ubuntu
больше 6 лет назад

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

redhat логотип

CVE-2019-3835

CVSS3: 7.3
redhat
больше 6 лет назад

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

nvd логотип

CVE-2019-3835

CVSS3: 5.5
nvd
больше 6 лет назад

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

github логотип

GHSA-22vx-j9g4-5q8f

CVSS3: 5.5
github
больше 3 лет назад

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

fstec логотип

BDU:2019-01299

CVSS3: 7.3
fstec
больше 6 лет назад

Уязвимость программы конвертирования файлов Ghostscript, связанная с небезопасным управлением привилегиями, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 82%
0.01702
Низкий