Description
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Artifex Software / ghostscriptghostscript versions prior to 9.28 – ghostscript versions prior to 9.28
References
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811
- VENDOR_ADVISORYhttps://www.debian.org/security/2019/dsa-4518
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2019/09/msg00007.html
- MAILING_LISThttps://seclists.org/bugtraq/2019/Sep/15
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2594
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHBA-2019:2824
- MISChttps://security.gentoo.org/glsa/202004-03