Unrated severityNVD Advisory· Published Sep 6, 2019· Updated Aug 5, 2024
CVE-2019-14813
CVE-2019-14813
Description
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Affected products
1- Range: ghostscript versions 9.x before 9.28
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHBA-2019:2824mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:2594mitrevendor-advisoryx_refsource_REDHAT
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202004-03mitrevendor-advisoryx_refsource_GENTOO
- www.debian.org/security/2019/dsa-4518mitrevendor-advisoryx_refsource_DEBIAN
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2019/09/msg00007.htmlmitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2019/Sep/15mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.