MGASA-2019-0130

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2019-3835 CVE-2019-3838

Published: 05 Apr 2019, 18:12

Last modified:16 Apr 2026, 04:43

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

05 Apr 2019, 18:12

Published

Vulnerability first disclosed

16 Apr 2026, 04:43

Last Modified

Vulnerability information updated

Description

Updated ghostscript packages fix security vulnerability It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. (CVE-2019-3835) It was found that the forceput operator could be extracted from the DefineResource method using methods similar to the ones described in CVE-2019-6116. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. (CVE-2019-3838)

Affected Systems

mageia•ghostscript
< 9.26-1.3.mga6

MGASA-2019-0130

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)