CVE-2019-14817

Name
CVE-2019-14817
Description
A flaw was found in ghostscript versions prior to 9.50, in the `.pdfexectoken` and other procedures, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
NVD Severity
medium

References

Type URI
Patch http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
Exploit https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14817
Third Party Advisory https://www.debian.org/security/2019/dsa-4518
Mailing List https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html
Mailing List https://seclists.org/bugtraq/2019/Sep/15
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2594
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:2824
Third Party Advisory https://security.gentoo.org/glsa/202004-03

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* ghostscript >= None < 9.50

Vulnerable and fixed packages

Source package Branch Version Maintainer Status