CVE-2019-14869

Published: Nov 15, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.

Affected (6)

Products: Artifex: Ghostscript · Fedoraproject: Fedora · Opensuse: Leap

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	From 9.00 to 9.50

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

Related CWEs

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (24)

http://jvn.jp/en/jp/JVN52486659/index.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/11/15/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

https://access.redhat.com/errata/RHSA-2020:0222

Source: secalert@redhat.com

Third Party Advisory

https://bugs.ghostscript.com/show_bug.cgi?id=701841

Source: secalert@redhat.com

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/

Source: secalert@redhat.com

https://seclists.org/bugtraq/2019/Nov/27

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://jvn.jp/en/jp/JVN52486659/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/11/15/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://access.redhat.com/errata/RHSA-2020:0222

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.ghostscript.com/show_bug.cgi?id=701841

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Nov/27

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMailing ListThird Party Advisory

Timeline

No history available yet.