PT-2019-3235 · Artifex+5 · Ghostscript+5

Published

2019-08-20

·

Updated

2024-06-15

·

CVE-2019-14811

CVSS v3.1

7.3

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Ghostscript versions prior to 9.50
Description A flaw in the .pdf hook DSC Creator procedure allows scripts to bypass -dSAFER restrictions, enabling access to the file system or execution of arbitrary commands through a specially crafted PostScript file. This issue is related to insufficient access control, which can be exploited to bypass security protections.
Recommendations For Ghostscript versions prior to 9.50, update to version 9.50 or later to resolve the issue. As a temporary workaround, consider restricting the use of the .pdf hook DSC Creator procedure until a patch is available. Avoid using specially crafted PostScript files that could exploit this flaw.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-648CWE-863CWE-264

Related Identifiers

ALT-PU-2019-2669
ALT-PU-2020-2917
ALT-PU-2020-2921
ALT-PU-2020-3124
BDU:2019-03225
CESA-2019_2586
CESA-2019_2591
CVE-2019-14811
DLA-1915-1
DSA-4518-1
ELSA-2019-2586
ELSA-2019-2591
MGASA-2019-0271
OPENSUSE-SU-2019:2222-1
OPENSUSE-SU-2019:2223-1
OPENSUSE-SU-2019_2222-1
OPENSUSE-SU-2019_2223-1
OPENSUSE-SU-2024:10783-1
RHSA-2019:2586
RHSA-2019:2591
RHSA-2019_2586
RHSA-2019_2591
SUSE-SU-2019:2460-1
SUSE-SU-2019:2478-1
SUSE-SU-2019_2460-1
SUSE-SU-2019_2478-1
USN-4111-1

Affected Products

Alt Linux
Centos
Ghostscript
Red Hat
Suse
Ubuntu