CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12798
https://notcve.org/view.php?id=CVE-2019-12798
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size. Se descubrió un problema en Artifex MuJS 1.0.5. regcompx en regexp.c no restringe el tamaño del programa de expresiones regulares lo que conlleva a a una sobrecarga del tamaño de la lista de sintaxis analizada • http://git.ghostscript.com/?p=mujs.git%3Bh=7f50591861525f76e3ec7a63392656ff8c030af9 http://www.securityfocus.com/bid/108774 • CWE-185: Incorrect Regular Expression •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15652
https://notcve.org/view.php?id=CVE-2017-15652
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2fc463d0e http://www.securityfocus.com/bid/108463 https://bugs.ghostscript.com/show_bug.cgi?id=698676 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-3839 – ghostscript: missing attack vector protections for CVE-2019-6116
https://notcve.org/view.php?id=CVE-2019-3839
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. Se econtró una vulnerabilidad en ghostscript, algunos operadores privilegiados permanecían accesibles desde varios lugares después de la corrección CVE-2019-6116. Un archivo especialmente creado de PostScript podría usar este defecto para, por ejemplo, tener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html https://access.redhat.com/errata/RHSA-2019:0971 https://access.redhat.com/errata/RHSA-2019:1017 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839 https://lists.debian.org/debian-lts-announce/2019/05/msg00023.html https://lists.fedoraproject.or • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-11413
https://notcve.org/view.php?id=CVE-2019-11413
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check. Se ha descubierto un problema en Artifex MuJS 1.0.5. Tiene recursión ilimitada porque la función match en regexp.c carece de un control de profundidad. • http://www.ghostscript.com/cgi-bin/findgit.cgi?00d4606c3baf813b7b1c176823b2729bf51002a2 http://www.securityfocus.com/bid/108093 https://bugs.ghostscript.com/show_bug.cgi?id=700937 https://github.com/ccxvii/mujs/commit/00d4606c3baf813b7b1c176823b2729bf51002a2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RQXMWEOWCGLOLFBQSXBM3MBN33T4I5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67PMOZV4DLVL2KGU2SV724QL7Y4PKWKU https://lists.fedoraproject.org/archives/l • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2019-11412
https://notcve.org/view.php?id=CVE-2019-11412
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call. Se ha descubierto un problema en Artifex MuJS versión 1.0.5. jscompile.c puede causar una denegación de servicio (invalid stack-frame jump) porque carece de una llamada ENDTRY opcode. • http://www.ghostscript.com/cgi-bin/findgit.cgi?1e5479084bc9852854feb1ba9bf68b52cd127e02 http://www.securityfocus.com/bid/108093 https://bugs.ghostscript.com/show_bug.cgi?id=700947 https://github.com/ccxvii/mujs/commit/1e5479084bc9852854feb1ba9bf68b52cd127e02 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RQXMWEOWCGLOLFBQSXBM3MBN33T4I5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67PMOZV4DLVL2KGU2SV724QL7Y4PKWKU https://lists.fedoraproject.org/archives/l • CWE-670: Always-Incorrect Control Flow Implementation •