The Ghostscript Project Ghostscript vulnerabilities

3 known vulnerabilities affecting the_ghostscript_project/ghostscript.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2019-3839HIGHCVSS 7.8v9.282019-05-16

CVE-2019-3839 [HIGH] CWE-648 CVE-2019-3839: It was found that in ghostscript some privileged operators remained accessible from various places a It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

CVE-2019-3835MEDIUMCVSS 5.5v9.272019-03-25

CVE-2019-3835 [MEDIUM] CWE-648 CVE-2019-3835: It was found that the superexec operator was available in the internal dictionary in ghostscript bef It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

CVE-2019-3838MEDIUMCVSS 5.5v9.272019-03-25

CVE-2019-3838 [MEDIUM] CWE-648 CVE-2019-3838: It was found that the forceput operator could be extracted from the DefineResource method in ghostsc It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.