CVE-2019-3839

high
Description

It was found that in Ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw to, for example, access the file system outside of the constraints imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

References

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html

https://access.redhat.com/errata/RHSA-2019:0971

https://access.redhat.com/errata/RHSA-2019:1017

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839

https://lists.debian.org/debian-lts-announce/2019/05/msg00023.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/

https://seclists.org/bugtraq/2019/May/23

https://usn.ubuntu.com/3970-1/

https://www.debian.org/security/2019/dsa-4442

Details

Source: MITRE

Published: 2019-05-16

Updated: 2020-10-15

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 146633 | Amazon Linux 2 : ghostscript (ALAS-2021-1598) | Nessus | Amazon Linux Local Security Checks | critical |
| 145662 | CentOS 8 : ghostscript (CESA-2019:0971) | Nessus | CentOS Local Security Checks | high |
| 129601 | Fedora 31 : ghostscript (2019-0a9d525d71) | Nessus | Fedora Local Security Checks | critical |
| 129483 | openSUSE Security Update : ghostscript (openSUSE-2019-2223) | Nessus | SuSE Local Security Checks | critical |
| 129482 | openSUSE Security Update : ghostscript (openSUSE-2019-2222) | Nessus | SuSE Local Security Checks | critical |
| 129423 | Fedora 29 : ghostscript (2019-ebd6c4f15a) | Nessus | Fedora Local Security Checks | critical |
| 129404 | SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2019:2478-1) | Nessus | SuSE Local Security Checks | critical |
| 129381 | SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2019:2460-1) | Nessus | SuSE Local Security Checks | critical |
| 129323 | Fedora 30 : ghostscript (2019-953fc0f16d) | Nessus | Fedora Local Security Checks | critical |
| 129224 | EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-2031) | Nessus | Huawei Local Security Checks | high |
| 127568 | Oracle Linux 8 : ghostscript (ELSA-2019-0971) | Nessus | Oracle Linux Local Security Checks | high |
| 127300 | NewStart CGSL CORE 5.05 / MAIN 5.05 : ghostscript Vulnerability (NS-SA-2019-0085) | Nessus | NewStart CGSL Local Security Checks | high |
| 127293 | NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Vulnerability (NS-SA-2019-0081) | Nessus | NewStart CGSL Local Security Checks | high |
| 126858 | EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1731) | Nessus | Huawei Local Security Checks | high |
| 125631 | Artifex Ghostscript < 9.27 PostScript Security Bypass Vulnerability | Nessus | Windows | high |
| 125565 | EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2019-1613) | Nessus | Huawei Local Security Checks | high |
| 125503 | EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1576) | Nessus | Huawei Local Security Checks | high |
| 125286 | Virtuozzo 7 : ghostscript / ghostscript-cups / ghostscript-devel / etc (VZLSA-2019-1017) | Nessus | Virtuozzo Local Security Checks | high |
| 125106 | Oracle Linux 7 : ghostscript (ELSA-2019-1017) | Nessus | Oracle Linux Local Security Checks | high |
| 124871 | CentOS 7 : ghostscript (CESA-2019:1017) | Nessus | CentOS Local Security Checks | high |
| 124780 | Debian DSA-4442-1 : ghostscript - security update | Nessus | Debian Local Security Checks | high |
| 124717 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : ghostscript vulnerability (USN-3970-1) | Nessus | Ubuntu Local Security Checks | high |
| 124704 | Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190507) | Nessus | Scientific Linux Local Security Checks | high |
| 124690 | RHEL 7 : ghostscript (RHSA-2019:1017) | Nessus | Red Hat Local Security Checks | high |
| 124664 | RHEL 8 : ghostscript (RHSA-2019:0971) | Nessus | Red Hat Local Security Checks | high |