Описание
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 9.26~dfsg+0-0ubuntu0.18.04.9 |
| cosmic | released | 9.26~dfsg+0-0ubuntu0.18.10.9 |
| devel | released | 9.26~dfsg+0-0ubuntu8 |
| disco | released | 9.26~dfsg+0-0ubuntu7.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 9.26~dfsg+0-0ubuntu0.18.04.9 |
| esm-infra/xenial | released | 9.26~dfsg+0-0ubuntu0.16.04.9 |
| precise/esm | DNE | |
| trusty/esm | DNE | |
| upstream | released | 9.27~dfsg-1 |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
It was found that in ghostscript some privileged operators remained ac ...
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.28 are vulnerable.
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3