Lucene search

[email protected]CVE-2019-14817

HistorySep 03, 2019 - 4:15 p.m.

CVE-2019-14817

2019-09-0316:15:00

CWE-863

[email protected]

web.nvd.nist.gov

199

cve-2019-14817

security flaw

ghostscript

arbitrary commands

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.8%

JSON

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

VendorProductVersionCPE
ghostscriptghostscript*cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ghostscript	ghostscript	*	cpe:2.3:a:ghostscript:ghostscript::::::::

References

git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=cd1b1cacadac2479e291efe611979bdc1b3bdb19

lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html

access.redhat.com/errata/RHBA-2019:2824

access.redhat.com/errata/RHSA-2019:2594

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14817

lists.debian.org/debian-lts-announce/2019/09/msg00007.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/

seclists.org/bugtraq/2019/Sep/15

security.gentoo.org/glsa/202004-03

www.debian.org/security/2019/dsa-4518

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.8%

JSON

Related for CVE-2019-14817

veracode1 ubuntucve1 alpinelinux1 redhatcve1 debiancve1 prion1 osv3 nessus31 oraclelinux2 openvas21 archlinux1 debian3 redhat4 freebsd1 centos1 mageia1 ubuntu1 fedora5 suse2 gentoo1 amazon1