ID CVE-2019-14813
Summary A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.27:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.27:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.28:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.28:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2020 - 13:20)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHBA-2019:2824
  • rhsa
    id RHSA-2019:2594
rpms
  • ghostscript-0:9.25-2.el7_7.2
  • ghostscript-cups-0:9.25-2.el7_7.2
  • ghostscript-debuginfo-0:9.25-2.el7_7.2
  • ghostscript-doc-0:9.25-2.el7_7.2
  • ghostscript-gtk-0:9.25-2.el7_7.2
  • libgs-0:9.25-2.el7_7.2
  • libgs-devel-0:9.25-2.el7_7.2
  • ghostscript-0:9.25-2.el8_0.3
  • ghostscript-debuginfo-0:9.25-2.el8_0.3
  • ghostscript-debugsource-0:9.25-2.el8_0.3
  • ghostscript-doc-0:9.25-2.el8_0.3
  • ghostscript-gtk-debuginfo-0:9.25-2.el8_0.3
  • ghostscript-tools-dvipdf-0:9.25-2.el8_0.3
  • ghostscript-tools-fonts-0:9.25-2.el8_0.3
  • ghostscript-tools-printing-0:9.25-2.el8_0.3
  • ghostscript-x11-0:9.25-2.el8_0.3
  • ghostscript-x11-debuginfo-0:9.25-2.el8_0.3
  • libgs-0:9.25-2.el8_0.3
  • libgs-debuginfo-0:9.25-2.el8_0.3
  • libgs-devel-0:9.25-2.el8_0.3
refmap via4
bugtraq 20190910 [SECURITY] [DSA 4518-1] ghostscript security update
confirm
debian DSA-4518
fedora
  • FEDORA-2019-0a9d525d71
  • FEDORA-2019-953fc0f16d
  • FEDORA-2019-ebd6c4f15a
gentoo GLSA-202004-03
mlist [debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update
suse
  • openSUSE-SU-2019:2222
  • openSUSE-SU-2019:2223
Last major update 16-10-2020 - 13:20
Published 06-09-2019 - 14:15
Last modified 16-10-2020 - 13:20
Back to Top