Vulnerability CVE-2019-3839


Published: 2019-05-16

Description:
It was found that in Ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw to, for example, access the file system outside of the constraints imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Artifex
Product: Ghostscript
Version: 9.27; 9.26; 9.25; 9.24; 9.23; 9.22; 9.21; 9.20; 9.19; 9.18; 9.16; 9.15; 9.14; 9.10; 9.09; 9.07; 8_64

Vendor: Debian
Product: Debian Linux
Version: 8.0

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
https://access.redhat.com/errata/RHSA-2019:0971
https://access.redhat.com/errata/RHSA-2019:1017
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839
https://lists.debian.org/debian-lts-announce/2019/05/msg00023.html
https://seclists.org/bugtraq/2019/May/23
https://usn.ubuntu.com/3970-1/
https://www.debian.org/security/2019/dsa-4442


Copyright 2019, cxsecurity.com

 
