8 matches found
SUSE CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...
DEBIAN-CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...
ALPINE-CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...
CVE-2019-14812
A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...
The vulnerability of the .setuserparams2 procedure of the Ghostscript file conversion program allows a attacker to execute arbitrary commands or gain access to the file system.
The vulnerability of the .setuserparams2 procedure in the Ghostscript file conversion program is related to the improper use of privileged APIs. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands or gain access to the file system by circumventing t...
Safer Restriction Bypass
Ghostscript is vulnerable to safer restriction bypass. The attack is possible due to a flaw of exposing .forceput in setuserparams2 when hooking errors...
ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)
A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...
PT-2019-3236 · Artifex +5 · Ghostscript +5
Name of the Vulnerable Software and Affected Versions: Ghostscript versions 9.x before 9.50 Description: A flaw in the .setuserparams2 procedure of Ghostscript allows scripts to bypass -dSAFER restrictions by not properly securing its privileged calls. This enables a specially crafted PostScript...