CVE-2019-14812

Name
CVE-2019-14812
Description
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14812
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
Third Party Advisory https://access.redhat.com/security/cve/cve-2019-14812
Mailing List http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Permissions Required https://bugs.ghostscript.com/show_bug.cgi?id=701444
Third Party Advisory https://security.gentoo.org/glsa/202004-03

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* ghostscript >= 9.00 < 9.50

Vulnerable and fixed packages

Source package Branch Version Maintainer Status