Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-3839

Опубликовано: 16 мая 2019
Источник: debian
EPSS Низкий

Описание

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ghostscriptfixed9.27~dfsg-1package

Примечания

  • https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9

  • To prevent pdf2dsc regression additionally:

  • https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59

EPSS

Процентиль: 34%
0.00132
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-3839

CVSS3: 7.8
ubuntu
больше 6 лет назад

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

redhat логотип

CVE-2019-3839

CVSS3: 7.3
redhat
больше 6 лет назад

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

nvd логотип

CVE-2019-3839

CVSS3: 7.8
nvd
больше 6 лет назад

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

github логотип

GHSA-wxr2-p327-97jr

CVSS3: 7.8
github
больше 3 лет назад

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.28 are vulnerable.

oracle-oval логотип

ELSA-2019-1017

oracle-oval
больше 6 лет назад

ELSA-2019-1017: ghostscript security update (IMPORTANT)

EPSS

Процентиль: 34%
0.00132
Низкий