CVE-2019-14812

Description

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
• v3.0•HIGH•Score: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
• v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.54%• Percentile: 68%

Techniques & Countermeasures

• CWE-732•Incorrect Permission Assignment for Critical Resource

  The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

• CWE-648•Incorrect Use of Privileged APIs

  The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

Affected Systems

• Unknown•Ghostscript

  ≥ 9.00, < 9.50

• fedoraproject•fedora

  31

• red hat•ghostscript

  all ghostscript versions 9.x before 9.50

References (6)

• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14812
• https://access.redhat.com/security/cve/cve-2019-14812
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
• https://bugs.ghostscript.com/show_bug.cgi?id=701444
• https://security.gentoo.org/glsa/202004-03