Ghostscript Security Flaw in PDF Command Processing
CVE-2019-14817

7.3HIGH

Key Information:

Vendor

Artifex Software

Status
Ghostscript
Vendor
CVE Published:
3 September 2019

What is CVE-2019-14817?

A critical security flaw exists in Ghostscript due to improper handling of secure commands related to PostScript files. This weakness allows specially crafted PostScript files to circumvent the -dSAFER security restrictions, resulting in unauthorized access to the file system or execution of arbitrary commands. Attackers could exploit this vulnerability to execute malicious scripts, leading to potential data breaches and system compromise.

Affected Version(s)

ghostscript ghostscript versions prior to 9.28

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14817
x_refsource_CONFIRM
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff...
x_refsource_CONFIRM
https://www.debian.org/security/2019/dsa-4518
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.