CVE-2019-14813

Description

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• v3.0•HIGH•Score: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
• v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 8.45%• Percentile: 92%

Techniques & Countermeasures

• CWE-863•Incorrect Authorization

  The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

• CWE-648•Incorrect Use of Privileged APIs

  The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

Affected Systems

• artifex software•ghostscript

  ghostscript versions 9.x before 9.28

• Unknown•Ghostscript

  ≥ 9.00, ≤ 9.50

• debian•debian_linux

  8.0 | 9.0 | 10.0

• fedoraproject•fedora

  29 | 30 | 31

• opensuse•leap

  15.0 | 15.1

• redhat•enterprise_linux

  7.0 | 8.0

• redhat•enterprise_linux_desktop

  7.0

• redhat•enterprise_linux_server

  7.0

• redhat•enterprise_linux_server_aus

  7.7

• redhat•enterprise_linux_server_eus

  7.7

• redhat•enterprise_linux_server_tus

  7.7

• redhat•enterprise_linux_workstation

  7.0

• redhat•openshift_container_platform

  3.11 | 4.1

References (13)

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
• http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33
• https://www.debian.org/security/2019/dsa-4518
• https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html
• https://seclists.org/bugtraq/2019/Sep/15
• https://access.redhat.com/errata/RHSA-2019:2594
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
• https://access.redhat.com/errata/RHBA-2019:2824
• https://security.gentoo.org/glsa/202004-03