CVE-2019-14811

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:2824 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2594 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811 Exploit Issue Tracking Mitigation Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
https://seclists.org/bugtraq/2019/Sep/15 Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202004-03 Third Party Advisory
https://www.debian.org/security/2019/dsa-4518 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:2824 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2594 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811 Exploit Issue Tracking Mitigation Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
https://seclists.org/bugtraq/2019/Sep/15 Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202004-03 Third Party Advisory
https://www.debian.org/security/2019/dsa-4518 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:27

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html - Mailing List, Third Party Advisory
References () https://access.redhat.com/errata/RHBA-2019:2824 - Third Party Advisory () https://access.redhat.com/errata/RHBA-2019:2824 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:2594 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2019:2594 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811 - Exploit, Issue Tracking, Mitigation, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811 - Exploit, Issue Tracking, Mitigation, Patch, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ -
References () https://seclists.org/bugtraq/2019/Sep/15 - Mailing List, Third Party Advisory () https://seclists.org/bugtraq/2019/Sep/15 - Mailing List, Third Party Advisory
References () https://security.gentoo.org/glsa/202004-03 - Third Party Advisory () https://security.gentoo.org/glsa/202004-03 - Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4518 - Third Party Advisory () https://www.debian.org/security/2019/dsa-4518 - Third Party Advisory

07 Nov 2023, 03:05

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/', 'name': 'FEDORA-2019-ebd6c4f15a', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/', 'name': 'FEDORA-2019-953fc0f16d', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/', 'name': 'FEDORA-2019-0a9d525d71', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ -

Information

Published : 2019-09-03 16:15

Updated : 2024-11-21 04:27


NVD link : CVE-2019-14811

Mitre link : CVE-2019-14811

CVE.ORG link : CVE-2019-14811


JSON object : View

Products Affected

artifex

  • ghostscript

opensuse

  • leap

debian

  • debian_linux

redhat

  • openshift_container_platform

fedoraproject

  • fedora
CWE
CWE-648

Incorrect Use of Privileged APIs

CWE-863

Incorrect Authorization