PT-2019-3235 · Artifex+5 · Ghostscript+5

Publicado

2019-08-20

Atualizado

2024-06-15

CVE-2019-14811

CVSS v3.1

7.3

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Ghostscript versions prior to 9.50

Description A flaw in the .pdf hook DSC Creator procedure allows scripts to bypass -dSAFER restrictions, enabling access to the file system or execution of arbitrary commands through a specially crafted PostScript file. This issue is related to insufficient access control, which can be exploited to bypass security protections.

Recommendations For Ghostscript versions prior to 9.50, update to version 9.50 or later to resolve the issue. As a temporary workaround, consider restricting the use of the .pdf hook DSC Creator procedure until a patch is available. Avoid using specially crafted PostScript files that could exploit this flaw.

Exploit

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-648CWE-863CWE-264

Identificadores relacionados

ALT-PU-2019-2669

ALT-PU-2020-2917

ALT-PU-2020-2921

ALT-PU-2020-3124

BDU:2019-03225

CESA-2019_2586

CESA-2019_2591

CVE-2019-14811

DLA-1915-1

DSA-4518-1

ELSA-2019-2586

ELSA-2019-2591

MGASA-2019-0271

OPENSUSE-SU-2019:2222-1

OPENSUSE-SU-2019:2223-1

OPENSUSE-SU-2019_2222-1

OPENSUSE-SU-2019_2223-1

OPENSUSE-SU-2024:10783-1

RHSA-2019:2586

RHSA-2019:2591

RHSA-2019_2586

RHSA-2019_2591

SUSE-SU-2019:2460-1

SUSE-SU-2019:2478-1

SUSE-SU-2019_2460-1

SUSE-SU-2019_2478-1

USN-4111-1

Produtos afetados

Alt Linux

Centos

Ghostscript

Red Hat

Suse

Ubuntu

PT-2019-3235 · Artifex+5 · Ghostscript+5

CVE-2019-14811

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 104