Ghostscript CVE-2019-6116 Remote Code Execution Vulnerability

Bugtraq ID:	106700
Class:	Unknown
CVE:	CVE-2019-6116
Remote:	Yes
Local:	No
Published:	Jan 23 2019 12:00AM
Updated:	Jan 23 2019 12:00AM
Credit:	Tavis Ormandy (Google Project Zero)
Vulnerable:	Redhat Enterprise Linux 7 Artifex Ghostscript 9.26 Artifex Ghostscript 9.25 Artifex Ghostscript 9.22 Artifex Ghostscript 9.21
Not Vulnerable:

Ghostscript CVE-2019-6116 Remote Code Execution Vulnerability

Ghostscript is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code or crash the affected application, resulting in denial-of-service conditions.

Versions prior to Ghostscript 9.26 are vulnerable.

Ghostscript CVE-2019-6116 Remote Code Execution Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

Ghostscript CVE-2019-6116 Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Ghostscript CVE-2019-6116 Remote Code Execution Vulnerability

References:

• Any transient procedures that call .force* operators (ghostscript)
  
• Bug700317: Fix logic for an older change (ghostscript)
  
• Ghostscript Homepage (Ghostscript)
  
• Harden some uses of .force* operators (ghostscript)
  
• Remove .forcedef, and harden .force* ops more (ghostscript)
  
• Sanitize op stack for error conditions (ghostscript)
  
• Undefine a bunch of gs_fonts.ps specific procs (ghostscript)
  
• Bug 1666636 (CVE-2019-6116) - CVE-2019-6116 ghostscript: subroutines within pse (Redhat)
  
• ghostscript: subroutines within pseudo-operators must themselves be pseudo-oper (chromium.org)
  
• CVE-2019-6116 (Redhat)