9.8

CVE-2019-14813

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version >= 9.00 <= 9.50
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
FedoraprojectFedora Version29
FedoraprojectFedora Version30
FedoraprojectFedora Version31
OpensuseLeap Version15.0
OpensuseLeap Version15.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.4% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
secalert@redhat.com 7.3 3.9 3.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-648 Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
https://security.gentoo.org/glsa/202004-03
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHBA-2019:2824
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2594
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
https://seclists.org/bugtraq/2019/Sep/15
Third Party Advisory
Mailing List
https://www.debian.org/security/2019/dsa-4518
Third Party Advisory
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
Patch
Third Party Advisory
Issue Tracking