PT-2019-1349 · Artifex+5 · Ghostscript+5

Tavis Ormandy

·

Published

2019-01-23

·

Updated

2024-06-15

·

CVE-2019-6116

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions through 9.26
Description The issue is related to errors in the code of the Ghostscript software suite, which can be exploited by a remote attacker using a specially crafted Postscript file. This exploitation can lead to remote code execution or cause a denial of service. The vulnerability is also associated with ephemeral or transient procedures that can allow access to system operators.
Recommendations For Artifex Ghostscript versions through 9.26, update to a version later than 9.26 to resolve the issue. As a temporary workaround, consider restricting access to system operators and limiting the use of Postscript files from untrusted sources until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

ALT-PU-2019-1144
ALT-PU-2019-1913
ALT-PU-2019-1917
BDU:2019-00687
CESA-2019_0229
CVE-2019-6116
DLA-1670-1
DSA-4372-1
MGASA-2019-0056
OPENSUSE-SU-2019:0104-1
OPENSUSE-SU-2019_0103-1
OPENSUSE-SU-2019_0104-1
OPENSUSE-SU-2024:10783-1
RHSA-2019:0229
RHSA-2019_0229
SUSE-SU-2019:0144-1
SUSE-SU-2019:0144-2
SUSE-SU-2019:0145-1
SUSE-SU-2019_0144-1
SUSE-SU-2019_0144-2
SUSE-SU-2019_0145-1
USN-3866-1
USN-3866-2
USN-3866-3

Affected Products

Alt Linux
Centos
Ghostscript
Red Hat
Suse
Ubuntu