CVE-2019-3839 — Incorrect Use of Privileged APIs in Ghostscript
Severity
7.8HIGHNVD
EPSS
0.2%
top 58.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 16
Latest updateMay 24
Description
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 29, 30, Ubuntu Linux 16.04, 18.04, 18.10, 19.04, Enterprise Linux 5.0, 6.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-wxr2-p327-97jr: It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix↗2022-05-24
CVEList▶
CVE-2019-3839: It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix↗2019-05-16
OSV▶
CVE-2019-3839: It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix↗2019-05-16
📋Vendor Advisories
4Debian▶
CVE-2019-3839: ghostscript - It was found that in ghostscript some privileged operators remained accessible f...↗2019