Ghostscript up to 9.27 File System PostScript File privilege escalation
| CVSS Meta Temp Score | Current Exploit Price (≈) |
|---|---|
| 5.3 | $0-$5k |
A vulnerability, which was classified as critical, was found in Ghostscript up to 9.27 (Document Processing Software). This affects a function of the component File System. The manipulation as part of a PostScript File leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-269. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was published 05/16/2019 as confirmed git commit (GIT Repository). The advisory is shared at git.ghostscript.com. This vulnerability is uniquely identified as CVE-2019-3839 since 01/03/2019. Neither technical details nor an exploit are publicly available.
Upgrading to version 9.28 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.ghostscript.com. The best possible mitigation is suggested to be patching the affected component.
Name
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.3
VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.3
VulDB Vector: ?
VulDB Reliability: ?
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Privilege escalation (CWE-269)
Local: Yes
Remote: No
Availability: ?
Status: Not defined
Price Prediction: ?
Current Price Estimation: ?
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Patch
Status: ?
0-Day Time: ?
Upgrade: Ghostscript 9.28
Patch: git.ghostscript.com
01/03/2019 CVE assigned
05/16/2019 Advisory disclosed
05/17/2019 VulDB entry created
05/17/2019 VulDB last updateAdvisory: git.ghostscript.com
Status: Confirmed
CVE: CVE-2019-3839 (?)
Created: 05/17/2019 07:29 AM
Complete: ?
Download it now for free!
https://vuldb.com/?id.135165
Gloss