CVE-2019-3839

HIGH Year: 2019
CVSS v3 Score
7.3
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-648
View all →

Vulnerability Description

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

Related Vulnerabilities

CVE-2019-10216

HIGH
CVSS:7.3(High)

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by crea...

CWE-6482019

CVE-2019-14811

HIGH
CVSS:7.3(High)

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions...

CWE-6482019

CVE-2019-14812

HIGH
CVSS:7.3(High)

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions....

CWE-6482019

CVE-2019-14813

HIGH
CVSS:7.3(High)

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A ...

CWE-6482019

CVE-2019-14817

HIGH
CVSS:7.3(High)

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restricti...

CWE-6482019

CVE-2019-14869

HIGH
CVSS:7.3(High)

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictio...

CWE-6482019