CVE-2019-14811

Name
CVE-2019-14811
Description
A flaw was found in ghostscript versions prior to 9.50, in the `.pdf_hook_DSC_Creator` procedure, which did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
NVD Severity
medium

References

| Type | URI |
|---|---|
| Exploit | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811 |
| Third Party Advisory | https://www.debian.org/security/2019/dsa-4518 |
| Mailing List | https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html |
| Mailing List | https://seclists.org/bugtraq/2019/Sep/15 |
| Third Party Advisory | https://access.redhat.com/errata/RHSA-2019:2594 |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ |
| Mailing List | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html |
| Mailing List | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html |
| Third Party Advisory | https://access.redhat.com/errata/RHBA-2019:2824 |
| Third Party Advisory | https://security.gentoo.org/glsa/202004-03 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* | ghostscript | >= None | < 9.50 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status