7.8

CVE-2019-14811

Exploit
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version < 9.50
FedoraprojectFedora Version29
FedoraprojectFedora Version30
FedoraprojectFedora Version31
OpensuseLeap Version15.0
OpensuseLeap Version15.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.76% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
secalert@redhat.com 7.3 3.9 3.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-648 Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
https://security.gentoo.org/glsa/202004-03
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHBA-2019:2824
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2594
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811
Patch
Third Party Advisory
Exploit
Issue Tracking
Mitigation
https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
https://seclists.org/bugtraq/2019/Sep/15
Third Party Advisory
Mailing List
https://www.debian.org/security/2019/dsa-4518
Third Party Advisory