CVE-2019-14869

HIGH

Ghostscript 9.x <9.50 - Privilege Escalation

Title source: llm
STIX 2.1

Description

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.

References (12)

Core 12
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/11/15/1
Permissions Required x_refsource_confirm
https://bugs.ghostscript.com/show_bug.cgi?id=701841
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Nov/27
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0222
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN52486659/index.html

Scores

CVSS v3 8.8
EPSS 0.0343
EPSS Percentile 87.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-648 CWE-732
Status published
Products (6)
artifex/ghostscript 9.00 - 9.50
fedoraproject/fedora 29
fedoraproject/fedora 30
fedoraproject/fedora 31
opensuse/leap 15.0
opensuse/leap 15.1
Published Nov 15, 2019
Tracked Since Feb 18, 2026