CVE-2019-14812Incorrect Use of Privileged APIs in Ghostscript

CWE-648Incorrect Use of Privileged APIsCWE-732Incorrect Permission Assignment10 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 32.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Artifex GhostscriptRED HAT GhostscriptFedoraproject Fedora
Timeline
PublishedNov 27
Latest updateMay 24

Description

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDartifex/ghostscript9.009.50
Debianartifex/ghostscript< 9.28~~rc2~dfsg-1+3
Ubuntuartifex/ghostscript< 9.26~dfsg+0-0ubuntu0.16.04.11+1
CVEListV5red_hat/ghostscriptall ghostscript versions 9.x before 9.50

Also affects: Fedora 31

🔴Vulnerability Details

4
GHSA
GHSA-rmmv-j9x6-f2v4: A flaw was found in all ghostscript versions 92022-05-24
OSV
CVE-2019-14812: A flaw was found in all ghostscript versions 92019-11-27
CVEList
CVE-2019-14812: A flaw was found in all ghostscript versions 92019-11-27
OSV
ghostscript vulnerabilities2019-08-29

📋Vendor Advisories

3
Ubuntu
Ghostscript vulnerabilities2019-08-29
Red Hat
ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)2019-08-28
Debian
CVE-2019-14812: ghostscript - A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserpar...2019

💬Community

2
Bugzilla
CVE-2019-14812 ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444) [fedora-all]2019-09-02
Bugzilla
CVE-2019-14812 ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)2019-08-20
CVE-2019-14812 — Incorrect Use of Privileged APIs | cvebase