CVE-2019-3838 - It was found that the forceput operator could be extracted from the DefineResource method in ghostsc

CVE-2019-3838

Summary

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

References

Vulnerable Configurations

cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 15-10-2020 - 14:05)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

redhat via4

advisories

bugzilla

id	1677588
title	CVE-2019-3835 ghostscript: superexec operator is available (700585)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment ghostscript is earlier than 0:9.07-31.el7_6.10
oval oval:com.redhat.rhsa:tst:20190633001
comment ghostscript is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095009

AND

comment ghostscript-cups is earlier than 0:9.07-31.el7_6.10
oval oval:com.redhat.rhsa:tst:20190633003
comment ghostscript-cups is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170013004

AND

comment ghostscript-devel is earlier than 0:9.07-31.el7_6.10
oval oval:com.redhat.rhsa:tst:20190633005
comment ghostscript-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095011

AND

comment ghostscript-doc is earlier than 0:9.07-31.el7_6.10
oval oval:com.redhat.rhsa:tst:20190633007
comment ghostscript-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095013

AND

comment ghostscript-gtk is earlier than 0:9.07-31.el7_6.10
oval oval:com.redhat.rhsa:tst:20190633009
comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095015

rhsa

id	RHSA-2019:0633
released	2019-03-21
severity	Important
title	RHSA-2019:0633: ghostscript security and bug fix update (Important)

rhsa
id RHSA-2019:0652
rhsa
id RHSA-2019:0971

rpms

ghostscript-0:9.07-31.el7_6.10
ghostscript-cups-0:9.07-31.el7_6.10
ghostscript-debuginfo-0:9.07-31.el7_6.10
ghostscript-devel-0:9.07-31.el7_6.10
ghostscript-doc-0:9.07-31.el7_6.10
ghostscript-gtk-0:9.07-31.el7_6.10
ghostscript-0:9.25-2.el8_0.1
ghostscript-debuginfo-0:9.25-2.el8_0.1
ghostscript-debugsource-0:9.25-2.el8_0.1
ghostscript-doc-0:9.25-2.el8_0.1
ghostscript-gtk-debuginfo-0:9.25-2.el8_0.1
ghostscript-tools-dvipdf-0:9.25-2.el8_0.1
ghostscript-tools-fonts-0:9.25-2.el8_0.1
ghostscript-tools-printing-0:9.25-2.el8_0.1
ghostscript-x11-0:9.25-2.el8_0.1
ghostscript-x11-debuginfo-0:9.25-2.el8_0.1
libgs-0:9.25-2.el8_0.1
libgs-debuginfo-0:9.25-2.el8_0.1
libgs-devel-0:9.25-2.el8_0.1

refmap via4

bugtraq	20190402 [slackware-security] ghostscript (SSA:2019-092-01) 20190417 [SECURITY] [DSA 4432-1] ghostscript security update
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838
debian	DSA-4432
fedora	FEDORA-2019-1a2c059afd FEDORA-2019-9f28451404 FEDORA-2019-d5d9cfd359
gentoo	GLSA-202004-03
misc	http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html https://bugs.ghostscript.com/show_bug.cgi?id=700576
mlist	[debian-lts-announce] 20190423 [SECURITY] [DLA 1761-1] ghostscript security update
suse	openSUSE-SU-2019:1119 openSUSE-SU-2019:1121

Last major update

15-10-2020 - 14:05

Published

25-03-2019 - 19:29

Last modified

15-10-2020 - 14:05