QwikSec

Security Database

CVE

CWE

Training

CVE-2019-3839

Published: May 16, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

7.3

HIGH

Description

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

Vendor	Product	Versions
The ghostscript Project	ghostscript	affected `9.28`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_DEBIAN

20190512 [SECURITY] [DSA 4442-1] ghostscript security update

mailing-list

x_refsource_BUGTRAQ

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9

x_refsource_CONFIRM

[debian-lts-announce] 20190519 [SECURITY] [DLA 1792-1] ghostscript security update

mailing-list

x_refsource_MLIST

FEDORA-2019-953fc0f16d

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-ebd6c4f15a

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2019:2222

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2223

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.