Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:166008
[Eng]
Version
3
Class
patch
ALTXid
375257
Language
Russian
Severity
Critical
Title
ALAS-2021-1598 -- обновление безопасности для ghostscript
Description
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. (CVE-2018-17183)
Family
unix
Platform
Amazon Linux 2
Product
ghostscript
Reference
VENDOR: ALAS-2021-1598
VENDOR: ALAS-2021-1598
Id:
ALAS-2021-1598
Reference:
https://alas.aws.amazon.com/AL2/ALAS-2021-1598.html
CVE: CVE-2018-17183
CVE: CVE-2018-17183
Id:
CVE-2018-17183
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17183
Comment
: Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://bugs.ghostscript.com/show_bug.cgi?id=699708 (MISC)
[debian-lts-announce] 20180930 [SECURITY] [DLA 1527-1] ghostscript security update (MLIST)
USN-3773-1 (UBUNTU)
RHSA-2018:3834 (REDHAT)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=fb713b3818b52d8a6cf62c951eba2e1795ff9624 ()
CVE: CVE-2018-17961
CVE: CVE-2018-17961
Id:
CVE-2018-17961
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17961
Comment
: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE:
209 (Information Exposure Through an Error Message)
References:
45573 (EXPLOIT-DB)
https://bugs.ghostscript.com/show_bug.cgi?id=699816 (CONFIRM)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2 (MISC)
[oss-security] 20181009 ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (MLIST)
[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update (MLIST)
USN-3803-1 (UBUNTU)
DSA-4336 (DEBIAN)
RHSA-2018:3834 (REDHAT)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a5a9bf8c6a63 ()
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6807394bd94 ()
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a54c9e61e7d0 ()
CVE: CVE-2018-18073
CVE: CVE-2018-18073
Id:
CVE-2018-18073
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18073
Comment
: Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=699927 (CONFIRM)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1690 (MISC)
[oss-security] 20181010 ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073) (MLIST)
http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html (MISC)
[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update (MLIST)
USN-3803-1 (UBUNTU)
DSA-4336 (DEBIAN)
RHSA-2018:3834 (REDHAT)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c ()
CVE: CVE-2018-18284
CVE: CVE-2018-18284
Id:
CVE-2018-18284
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18284
Comment
: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
References:
https://bugs.ghostscript.com/show_bug.cgi?id=699963 (MISC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 (MISC)
[oss-security] 20181016 ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (MLIST)
[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update (MLIST)
USN-3803-1 (UBUNTU)
DSA-4336 (DEBIAN)
GLSA-201811-12 (GENTOO)
RHSA-2018:3834 (REDHAT)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 (CONFIRM)
107451 (BID)
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b ()
https://support.f5.com/csp/article/K22141757?utm_source=f5support&%3Butm_medium=RSS ()
CVE: CVE-2018-19134
CVE: CVE-2018-19134
Id:
CVE-2018-19134
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19134
Comment
: In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
704 (Incorrect Type Conversion or Cast)
References:
https://www.ghostscript.com/doc/9.26/News.htm (CONFIRM)
https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf (MISC)
https://bugs.ghostscript.com/show_bug.cgi?id=700141 (CONFIRM)
RHSA-2018:3834 (REDHAT)
106278 (BID)
[debian-lts-announce] 20181227 [SECURITY] [DLA 1620-1] ghostscript security update (MLIST)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=693baf02152119af6e6afd30bb8ec76d14f84bbf ()
CVE: CVE-2018-19409
CVE: CVE-2018-19409
Id:
CVE-2018-19409
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19409
Comment
: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 (MISC)
https://bugs.ghostscript.com/show_bug.cgi?id=700176 (MISC)
105990 (BID)
GLSA-201811-12 (GENTOO)
DSA-4346 (DEBIAN)
[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update (MLIST)
USN-3831-1 (UBUNTU)
RHSA-2018:3834 (REDHAT)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f ()
CVE: CVE-2018-19475
CVE: CVE-2018-19475
Id:
CVE-2018-19475
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19475
Comment
: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 (MISC)
https://bugs.ghostscript.com/show_bug.cgi?id=700153 (MISC)
DSA-4346 (DEBIAN)
[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update (MLIST)
USN-3831-1 (UBUNTU)
106154 (BID)
https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf (MISC)
RHSA-2019:0229 (REDHAT)
RHBA-2019:0327 (REDHAT)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761e03bc70a9f249a987e ()
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=aeea342904978c9fe17d85f4906a0f6fcce2d315 ()
CVE: CVE-2018-19476
CVE: CVE-2018-19476
Id:
CVE-2018-19476
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19476
Comment
: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
704 (Incorrect Type Conversion or Cast)
References:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 (MISC)
https://bugs.ghostscript.com/show_bug.cgi?id=700169 (MISC)
DSA-4346 (DEBIAN)
[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update (MLIST)
USN-3831-1 (UBUNTU)
106154 (BID)
https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf (MISC)
RHSA-2019:0229 (REDHAT)
RHBA-2019:0327 (REDHAT)
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=434753adbe8be5534bfb9b7d91746023e8073d16 ()
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a ()
CVE: CVE-2018-19477
CVE: CVE-2018-19477
Id:
CVE-2018-19477
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19477
Comment
: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
704 (Incorrect Type Conversion or Cast)
References:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 (MISC)
https://bugs.ghostscript.com/show_bug.cgi?id=700168 (MISC)
DSA-4346 (DEBIAN)
[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update (MLIST)
USN-3831-1 (UBUNTU)
106154 (BID)
https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf (MISC)
RHSA-2019:0229 (REDHAT)
RHBA-2019:0327 (REDHAT)
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=606a22e77e7f081781e99e44644cd0119f559e03 ()
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb ()
CVE: CVE-2019-14811
CVE: CVE-2019-14811
Id:
CVE-2019-14811
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14811
Comment
: A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
863 (Incorrect Authorization)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811 (CONFIRM)
DSA-4518 (DEBIAN)
[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update (MLIST)
20190910 [SECURITY] [DSA 4518-1] ghostscript security update (BUGTRAQ)
RHSA-2019:2594 (REDHAT)
openSUSE-SU-2019:2222 (SUSE)
openSUSE-SU-2019:2223 (SUSE)
RHBA-2019:2824 (REDHAT)
GLSA-202004-03 (GENTOO)
FEDORA-2019-0a9d525d71 ()
FEDORA-2019-953fc0f16d ()
FEDORA-2019-ebd6c4f15a ()
CVE: CVE-2019-14812
CVE: CVE-2019-14812
Id:
CVE-2019-14812
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14812
Comment
: A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14812 (CONFIRM)
https://access.redhat.com/security/cve/cve-2019-14812 (CONFIRM)
https://bugs.ghostscript.com/show_bug.cgi?id=701444 (CONFIRM)
GLSA-202004-03 (GENTOO)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33 ()
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/ ()
CVE: CVE-2019-14813
CVE: CVE-2019-14813
Id:
CVE-2019-14813
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14813
Comment
: A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
863 (Incorrect Authorization)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813 (CONFIRM)
DSA-4518 (DEBIAN)
[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update (MLIST)
20190910 [SECURITY] [DSA 4518-1] ghostscript security update (BUGTRAQ)
RHSA-2019:2594 (REDHAT)
openSUSE-SU-2019:2222 (SUSE)
openSUSE-SU-2019:2223 (SUSE)
RHBA-2019:2824 (REDHAT)
GLSA-202004-03 (GENTOO)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33 ()
FEDORA-2019-0a9d525d71 ()
FEDORA-2019-953fc0f16d ()
FEDORA-2019-ebd6c4f15a ()
CVE: CVE-2019-14817
CVE: CVE-2019-14817
Id:
CVE-2019-14817
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14817
Comment
: A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
863 (Incorrect Authorization)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14817 (CONFIRM)
DSA-4518 (DEBIAN)
[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update (MLIST)
20190910 [SECURITY] [DSA 4518-1] ghostscript security update (BUGTRAQ)
RHSA-2019:2594 (REDHAT)
openSUSE-SU-2019:2222 (SUSE)
openSUSE-SU-2019:2223 (SUSE)
RHBA-2019:2824 (REDHAT)
GLSA-202004-03 (GENTOO)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=cd1b1cacadac2479e291efe611979bdc1b3bdb19 ()
FEDORA-2019-0a9d525d71 ()
FEDORA-2019-953fc0f16d ()
FEDORA-2019-ebd6c4f15a ()
CVE: CVE-2019-14869
CVE: CVE-2019-14869
Id:
CVE-2019-14869
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14869
Comment
: A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869 (CONFIRM)
[oss-security] 20191115 CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys (MLIST)
https://bugs.ghostscript.com/show_bug.cgi?id=701841 (CONFIRM)
20191118 [SECURITY] [DSA 4569-1] ghostscript security update (BUGTRAQ)
openSUSE-SU-2019:2534 (SUSE)
openSUSE-SU-2019:2535 (SUSE)
RHSA-2020:0222 (REDHAT)
JVN#52486659 (JVN)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f ()
FEDORA-2019-17f42f585a ()
FEDORA-2019-6cdb10aa59 ()
FEDORA-2019-7debdd1807 ()
CVE: CVE-2019-3835
CVE: CVE-2019-3835
Id:
CVE-2019-3835
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
Comment
: It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
862 (Missing Authorization)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835 (CONFIRM)
https://bugs.ghostscript.com/show_bug.cgi?id=700585 (MISC)
RHSA-2019:0652 (REDHAT)
20190402 [slackware-security] ghostscript (SSA:2019-092-01) (BUGTRAQ)
http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html (MISC)
DSA-4432 (DEBIAN)
20190417 [SECURITY] [DSA 4432-1] ghostscript security update (BUGTRAQ)
107855 (BID)
[debian-lts-announce] 20190423 [SECURITY] [DLA 1761-1] ghostscript security update (MLIST)
RHSA-2019:0971 (REDHAT)
openSUSE-SU-2019:2222 (SUSE)
openSUSE-SU-2019:2223 (SUSE)
GLSA-202004-03 (GENTOO)
FEDORA-2019-d5d9cfd359 ()
FEDORA-2019-1a2c059afd ()
FEDORA-2019-9f28451404 ()
CVE: CVE-2019-3838
CVE: CVE-2019-3838
Id:
CVE-2019-3838
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838
Comment
: It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
CWE-Other ()
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838 (CONFIRM)
https://bugs.ghostscript.com/show_bug.cgi?id=700576 (MISC)
RHSA-2019:0652 (REDHAT)
openSUSE-SU-2019:1121 (SUSE)
openSUSE-SU-2019:1119 (SUSE)
20190402 [slackware-security] ghostscript (SSA:2019-092-01) (BUGTRAQ)
http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html (MISC)
DSA-4432 (DEBIAN)
20190417 [SECURITY] [DSA 4432-1] ghostscript security update (BUGTRAQ)
[debian-lts-announce] 20190423 [SECURITY] [DLA 1761-1] ghostscript security update (MLIST)
RHSA-2019:0971 (REDHAT)
GLSA-202004-03 (GENTOO)
FEDORA-2019-d5d9cfd359 ()
FEDORA-2019-1a2c059afd ()
FEDORA-2019-9f28451404 ()
CVE: CVE-2019-3839
CVE: CVE-2019-3839
Id:
CVE-2019-3839
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3839
Comment
: It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839 (CONFIRM)
[debian-lts-announce] 20190519 [SECURITY] [DLA 1792-1] ghostscript security update (MLIST)
DSA-4442 (DEBIAN)
USN-3970-1 (UBUNTU)
20190512 [SECURITY] [DSA 4442-1] ghostscript security update (BUGTRAQ)
RHSA-2019:1017 (REDHAT)
RHSA-2019:0971 (REDHAT)
openSUSE-SU-2019:2222 (SUSE)
openSUSE-SU-2019:2223 (SUSE)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9 ()
FEDORA-2019-953fc0f16d ()
FEDORA-2019-ebd6c4f15a ()
CVE: CVE-2019-6116
CVE: CVE-2019-6116
Id:
CVE-2019-6116
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116
Comment
: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
46242 (EXPLOIT-DB)
DSA-4372 (DEBIAN)
USN-3866-1 (UBUNTU)
[debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update (MLIST)
https://bugs.ghostscript.com/show_bug.cgi?id=700317 (CONFIRM)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1729 (MISC)
RHSA-2019:0229 (REDHAT)
106700 (BID)
[oss-security] 29190123 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (MLIST)
http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html (MISC)
http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html (CONFIRM)
http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html (CONFIRM)
[oss-security] 20190321 ghostscript: 2 -dSAFER bypass: CVE-2019-3835 & CVE-2019-3838 (MLIST)
20190402 [slackware-security] ghostscript (SSA:2019-092-01) (BUGTRAQ)
http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html (MISC)
RHBA-2019:0327 (REDHAT)
GLSA-202004-03 (GENTOO)
FEDORA-2019-7b9bb0e426 ()
FEDORA-2019-15d57af79a ()
FEDORA-2019-9f06aa44f6 ()
FEDORA-2019-953fc0f16d ()
FEDORA-2019-ebd6c4f15a ()
Content available only for registered users!
ovaldb@altx-soft.com