7.8

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version < 9.27
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
OpensuseLeap Version15.0
OpensuseLeap Version15.1
FedoraprojectFedora Version29
FedoraprojectFedora Version30
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.76% 0.75
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
secalert@redhat.com 7.3 3.9 3.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-648 Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2019:0971
Third Party Advisory
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
https://access.redhat.com/errata/RHSA-2019:1017
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839
Patch
Third Party Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2019/05/msg00023.html
Third Party Advisory
https://seclists.org/bugtraq/2019/May/23
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3970-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4442
Third Party Advisory