CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2019-11411
https://notcve.org/view.php?id=CVE-2019-11411
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. Se ha descubierto un problema en Artifex MuJS versión 1.0.5. Las implementaciones Number#toFixed() y numtostr en jsnumber.c tienen un desbordamiento de búfer basado en pila. • http://www.ghostscript.com/cgi-bin/findgit.cgi?da632ca08f240590d2dec786722ed08486ce1be6 http://www.securityfocus.com/bid/108093 https://bugs.ghostscript.com/show_bug.cgi?id=700938 https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RQXMWEOWCGLOLFBQSXBM3MBN33T4I5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67PMOZV4DLVL2KGU2SV724QL7Y4PKWKU https://lists.fedoraproject.org/archives/l • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-3838 – ghostscript: forceput in DefineResource is still accessible (700576)
https://notcve.org/view.php?id=CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador forceput podía ser extraído del método DefineResource en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0971 https://bugs.ghostscript.com/show_bug.cgi?id=700576 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838 https://lists.debian.org/debian-lts-announce/2 • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2019-3835 – ghostscript: superexec operator is available (700585)
https://notcve.org/view.php?id=CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador superexec estaba disponible en el diccionario interno en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. It was found that the superexec operator was available in the internal dictionary. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html http://www.securityfocus.com/bid/107855 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0971 https://bugs.ghostscript.com/show_bug.cgi?id=700585 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835 https: • CWE-648: Incorrect Use of Privileged APIs CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 2%CPEs: 18EXPL: 4CVE-2019-6116 – Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. En Artifex Ghostscript hasta la versión 9.26, los procedimientos ephemeral o transient pueden permitir el acceso a los operadores del sistema, lo que conduce a la ejecución remota de código. It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints. Ghostscript has an issue with pseudo-operators that can lead to remote code execution. • https://www.exploit-db.com/exploits/46242 http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html http://www.openwall.com/lists/oss-security/2019/01/23/5 http://www.openwall.com/lists/oss-security/2019/03/21/1 http: •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6130
https://notcve.org/view.php?id=CVE-2019-6130
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. Artifex MuPDF 1.14.0 tiene un SEGV en la función fz_load_page del archivo fitz/document.c, tal y como queda demostrado con mutool. Esto está relacionado con la mala gestión de página-número en cbz/mucbz.c, cbz/muimg.c y svg/svg-doc.c. • http://www.securityfocus.com/bid/106558 https://bugs.ghostscript.com/show_bug.cgi?id=700446 https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE https://cgit.ghostscript.com/cgi-bin/cgit. • CWE-118: Incorrect Access of Indexable Resource ('Range Error') •