
Mageia: MGASA-2020-0145 High: ImageMagick Security Vulnerability Detected

mageia
April 5, 2019
The latest ghostscript updates tackle a significant access vulnerability affecting Mageia systems. Discover the specifics of this urgent security patch.

Summary

It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. (CVE-2019-3835)
It was found that the forceput operator could be extracted from the DefineResource method using methods similar to the ones described in CVE-2019-6116. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. (CVE-2019-3838)

References

- https://bugs.mageia.org/show_bug.cgi?id=24548

- https://www.openwall.com/lists/oss-security/2019/03/21/1

- https://access.redhat.com/errata/RHSA-2019:0633

- https://www.cve.org/CVERecord?id=CVE-2019-3835

- https://www.cve.org/CVERecord?id=CVE-2019-3838

Resolution

SRPMS

- 6/core/ghostscript-9.26-1.3.mga6

Severity
important

Publication date: 05 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0130.html
Type: security
CVE: CVE-2019-3835, CVE-2019-3838
