CVE-2019-25059Improper Use of Validation Framework in Ghostscript

CWE-1173Improper Use of Validation Framework8 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 61.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex GhostscriptDebian Linux
Timeline
PublishedApr 25
Latest updateJun 8

Description

Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Debianartifex/ghostscript< 9.27~dfsg-1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-77gr-wgqv-qjfm: Artifex Ghostscript through 92022-04-26
OSV
CVE-2019-25059: Artifex Ghostscript through 92022-04-25
CVEList
CVE-2019-25059: Artifex Ghostscript through 92022-04-25

📋Vendor Advisories

4
Ubuntu
Ghostscript vulnerability2022-06-08
Ubuntu
Ghostscript vulnerability2022-04-28
Red Hat
ghostscript: Mishandling of .completefont (incomplete fix for CVE-2019-3839)2022-04-25
Debian
CVE-2019-25059: ghostscript - Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exis...2019
CVE-2019-25059 — Improper Use of Validation Framework | cvebase