CVE-2019-14811

Published: Sep 3, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Affected (11)

Products: Artifex: Ghostscript · Redhat: Openshift Container Platform · Fedoraproject: Fedora · +2 more

Show all products

Artifex: Ghostscript · Redhat: Openshift Container Platform · Fedoraproject: Fedora · Opensuse: Leap · Debian: Debian Linux

1 product

1 product

Openshift Container Platform

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Before 9.50

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 3.11
Redhat Openshift Container Platform	Version 4.1

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (24)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2019:2824

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2594

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811

Source: secalert@redhat.com

ExploitIssue TrackingMitigationPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/

Source: secalert@redhat.com

https://seclists.org/bugtraq/2019/Sep/15

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202004-03

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2019/dsa-4518

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2019:2824

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2594

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingMitigationPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Sep/15

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202004-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2019/dsa-4518

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.