CVE-2019-14869
ghostscript: -dSAFER escape in .charkeys (701841)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
Se detectó un fallo en todas las versiones de ghostscript 9.x en versiones anteriores a la 9.50, donde el procedimiento ".charkeys", donde no aseguraba apropiadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones "-dSAFER". Un atacante podría abusar de este fallo mediante la creación de un archivo PostScript especialmente diseñado que podría aumentar los privilegios dentro de Ghostscript y acceder a archivos fuera de áreas restringidas o ejecutar comandos.
A flaw was found in the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-10 CVE Reserved
- 2019-11-15 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-648: Incorrect Use of Privileged APIs
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://jvn.jp/en/jp/JVN52486659/index.html | Third Party Advisory | |
| https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f | X_refsource_confirm | |
| https://seclists.org/bugtraq/2019/Nov/27 | Issue Tracking |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/11/15/1 | 2023-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Artifex Search vendor "Artifex" | Ghostscript Search vendor "Artifex" for product "Ghostscript" | >= 9.00 < 9.50 Search vendor "Artifex" for product "Ghostscript" and version " >= 9.00 < 9.50" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||