Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2019-14811

Published: 03/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Artifex

Vulnerability Summary

A flaw was found in, ghostscript versions before 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

artifex ghostscript

redhat openshift container platform 3.11

redhat openshift container platform 4.1

fedoraproject fedora 29

fedoraproject fedora 30

fedoraproject fedora 31

opensuse leap 15.0

opensuse leap 15.1

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Ubuntu Security Notice: ghostscript vulnerabilities
Ghostscript could be made to access arbitrary files if it opened a specially crafted file ...
Red Hat: Important: ghostscript security update
Synopsis Important: ghostscript security update Type/Severity Security Advisory: Important Topic An update for ghostscript is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: OpenShift Container Platform 4.1.14 security and bug fix update
Synopsis Important: OpenShift Container Platform 4114 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Red Hat: Important: ghostscript security update
Synopsis Important: ghostscript security update Type/Severity Security Advisory: Important Topic An update for ghostscript is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Debian Security Advisories: DSA-4518-1 ghostscript -- security update
It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox For the oldstable distribution (stretch), these problems have been fixed in version 926a~dfsg-0+deb9u5 For the stable distribution ...
Amazon Linux 2: ALAS2-2021-1598
Artifex Ghostscript before 925 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (CVE-2018-17183) Artifex Ghostscript 925 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involv ...
Red Hat: CVE-2019-14811
Impact: Important Public Date: 2019-08-28 CWE: CWE-648 Bugzilla: 1743757: CVE-2019-14811 ghostscript: S ...
Arch Linux Issues:
Safer Mode Bypass by forceput Exposure in pdf_hook_DSC_Creator ...

Github Repositories

https://github.com/hhc0null/GhostRule

Some exploits to bypass Safer Mode in Ghostscript

GhostRule This is a series of exploits that bypass SAFER mode of Ghostscript Ghostscript <= 92x The PoC codes shown below allow you to get command execution or file I/O at the privilege of the process even if Ghostscript is running on SAFER mode However, all of them bypass the protection by overwriting the security flags in systemdict therefore they have no longer eff

References

CWE-863https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811https://www.debian.org/security/2019/dsa-4518https://lists.debian.org/debian-lts-announce/2019/09/msg00007.htmlhttps://seclists.org/bugtraq/2019/Sep/15https://access.redhat.com/errata/RHSA-2019:2594http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.htmlhttps://access.redhat.com/errata/RHBA-2019:2824https://security.gentoo.org/glsa/202004-03https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/https://usn.ubuntu.com/4111-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook