CVE-2019-3835 - It was found that the superexec operator was available in the internal dictionary in ghostscript bef

CVE-2019-3835

Summary

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

References

Vulnerable Configurations

cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 15-10-2020 - 13:50)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

redhat via4

advisories

rhsa
id RHSA-2019:0652
rhsa
id RHSA-2019:0971

rpms

ghostscript-0:9.07-31.el7_6.10
ghostscript-cups-0:9.07-31.el7_6.10
ghostscript-debuginfo-0:9.07-31.el7_6.10
ghostscript-devel-0:9.07-31.el7_6.10
ghostscript-doc-0:9.07-31.el7_6.10
ghostscript-gtk-0:9.07-31.el7_6.10
ghostscript-0:9.25-2.el8_0.1
ghostscript-debuginfo-0:9.25-2.el8_0.1
ghostscript-debugsource-0:9.25-2.el8_0.1
ghostscript-doc-0:9.25-2.el8_0.1
ghostscript-gtk-debuginfo-0:9.25-2.el8_0.1
ghostscript-tools-dvipdf-0:9.25-2.el8_0.1
ghostscript-tools-fonts-0:9.25-2.el8_0.1
ghostscript-tools-printing-0:9.25-2.el8_0.1
ghostscript-x11-0:9.25-2.el8_0.1
ghostscript-x11-debuginfo-0:9.25-2.el8_0.1
libgs-0:9.25-2.el8_0.1
libgs-debuginfo-0:9.25-2.el8_0.1
libgs-devel-0:9.25-2.el8_0.1

refmap via4

bid	107855
bugtraq	20190402 [slackware-security] ghostscript (SSA:2019-092-01) 20190417 [SECURITY] [DSA 4432-1] ghostscript security update
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835
debian	DSA-4432
fedora	FEDORA-2019-1a2c059afd FEDORA-2019-9f28451404 FEDORA-2019-d5d9cfd359
gentoo	GLSA-202004-03
misc	http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html https://bugs.ghostscript.com/show_bug.cgi?id=700585
mlist	[debian-lts-announce] 20190423 [SECURITY] [DLA 1761-1] ghostscript security update
suse	openSUSE-SU-2019:2222 openSUSE-SU-2019:2223

Last major update

15-10-2020 - 13:50

Published

25-03-2019 - 19:29

Last modified

15-10-2020 - 13:50