Veracode Vulnerability DatabaseVERACODE:20108Remote Code Execution (RCE)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Artifex Ghostscript is vulnerable to remote code execution (RCE) vulnerability. This is because the ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to have access to the file system outside of the SAFER constraints.
References
lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html
lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html
packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html
packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
www.openwall.com/lists/oss-security/2019/01/23/5
www.openwall.com/lists/oss-security/2019/03/21/1
www.securityfocus.com/bid/106700
access.redhat.com/errata/RHBA-2019:0327
access.redhat.com/errata/RHSA-2019:0229
access.redhat.com/security/updates/classification/#important
bugs.chromium.org/p/project-zero/issues/detail?id=1729
bugs.ghostscript.com/show_bug.cgi?id=700317
bugzilla.redhat.com/show_bug.cgi?id=1665919
lists.debian.org/debian-lts-announce/2019/02/msg00016.html
lists.fedoraproject.org/archives/list/[email protected]/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
lists.fedoraproject.org/archives/list/[email protected]/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/
lists.fedoraproject.org/archives/list/[email protected]/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/
lists.fedoraproject.org/archives/list/[email protected]/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/
lists.fedoraproject.org/archives/list/[email protected]/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
seclists.org/bugtraq/2019/Apr/4
security.gentoo.org/glsa/202004-03
usn.ubuntu.com/3866-1/
www.debian.org/security/2019/dsa-4372
www.exploit-db.com/exploits/46242/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P