CVE-2019-3839
16.05.2019, 19:29
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| artifex | ghostscript | 𝑥 < 9.27 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux | 6.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ghostscript |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ghostscript-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ghostscript-x11 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||
|---|---|---|---|---|---|---|---|
| ghostscript |
| ||||||
| ghostscript-cups |
| ||||||
| ghostscript-devel |
| ||||||
| ghostscript-doc |
| ||||||
| ghostscript-gtk |
| ||||||
| ghostscript-tools-dvipdf |
| ||||||
| ghostscript-tools-fonts |
| ||||||
| ghostscript-tools-printing |
| ||||||
| ghostscript-x11 |
| ||||||
| libgs |
| ||||||
| libgs-devel |
|
References