CVE-2019-14813 - A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it

CVE-2019-14813

Summary

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

References

Vulnerable Configurations

cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.27:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.27:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.28:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.28:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2020 - 13:20)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHBA-2019:2824
rhsa
id RHSA-2019:2594

rpms

ghostscript-0:9.25-2.el7_7.2
ghostscript-cups-0:9.25-2.el7_7.2
ghostscript-debuginfo-0:9.25-2.el7_7.2
ghostscript-doc-0:9.25-2.el7_7.2
ghostscript-gtk-0:9.25-2.el7_7.2
libgs-0:9.25-2.el7_7.2
libgs-devel-0:9.25-2.el7_7.2
ghostscript-0:9.25-2.el8_0.3
ghostscript-debuginfo-0:9.25-2.el8_0.3
ghostscript-debugsource-0:9.25-2.el8_0.3
ghostscript-doc-0:9.25-2.el8_0.3
ghostscript-gtk-debuginfo-0:9.25-2.el8_0.3
ghostscript-tools-dvipdf-0:9.25-2.el8_0.3
ghostscript-tools-fonts-0:9.25-2.el8_0.3
ghostscript-tools-printing-0:9.25-2.el8_0.3
ghostscript-x11-0:9.25-2.el8_0.3
ghostscript-x11-debuginfo-0:9.25-2.el8_0.3
libgs-0:9.25-2.el8_0.3
libgs-debuginfo-0:9.25-2.el8_0.3
libgs-devel-0:9.25-2.el8_0.3

refmap via4

bugtraq	20190910 [SECURITY] [DSA 4518-1] ghostscript security update
confirm	http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
debian	DSA-4518
fedora	FEDORA-2019-0a9d525d71 FEDORA-2019-953fc0f16d FEDORA-2019-ebd6c4f15a
gentoo	GLSA-202004-03
mlist	[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update
suse	openSUSE-SU-2019:2222 openSUSE-SU-2019:2223

Last major update

16-10-2020 - 13:20

Published

06-09-2019 - 14:15

Last modified

16-10-2020 - 13:20