The vulnerability of the PostScript Ghostscript file conversion program lies in the improper use of privileged APIs, allowing an attacker to gain access to the file system bypassing restrictions.

🗓️ 11 Jul 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Ghostscript file conversion vulnerability lets remote attackers bypass safer option via privileged APIs to access the file system.

Reporter	Title	Published	Views	Family All 108
Tenable Nessus	Amazon Linux 2 : ghostscript (ALAS-2021-1598)	19 Feb 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ghostscript (ALAS-2023-2003)	22 Mar 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0123: ghostscript (ALINUX3-SA-2022:0123)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : ghostscript (CESA-2019:0971)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : ghostscript (CESA-2019:1017)	14 May 201900:00	–	nessus
Tenable Nessus	Debian DLA-2989-1 : ghostscript - LTS security update	2 May 202200:00	–	nessus
Tenable Nessus	Debian DSA-4442-1 : ghostscript - security update	13 May 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1576)	29 May 201900:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2019-1613)	30 May 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1731)	22 Jul 201900:00	–	nessus

Vulners

Node

artifex_software ghostscriptRange<9.27

Source	Link
access	www.access.redhat.com/security/cve/cve-2019-3839
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-3839
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
strelets	www.strelets.net/patchi-i-obnovleniya-bezopasnosti
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
web	www.web.nvd.nist.gov/view/vuln/detail

30 Sep 2024 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 37.3

CVSS 27.5

EPSS0.01756

Ghostscript file access remote exploit privileged APIs safer option specially created file