Security restrictions bypass in Ghostscript
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2019-10216 CVE-2019-14817 CVE-2019-14813 CVE-2019-14812 CVE-2019-14811 CVE-2019-14869 CVE-2020-27792 |
| CWE-ID | CWE-264 CWE-94 CWE-122 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #6 is available. |
| Vulnerable software Subscribe |
Ghostscript Universal components / Libraries / Libraries used by multiple products |
| Vendor | Artifex Software, Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU20059
Risk: Low
CVSSv3.1: 2.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-10216
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to access arbitrary files on the system.
The vulnerability exists due to an error within the .buildfont1 procedure when making privileged secure calls. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it, bypass the ‘-dSAFER’ restrictions and access arbitrary file on the system.
Install update from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 9.27
External linkshttp://bugs.ghostscript.com/show_bug.cgi?id=701394
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU20471
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14817
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 9.27
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU20470
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14813
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 9.27
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU20469
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14812
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 9.27
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU20468
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14811
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in .pdf_hook_DSC_Creator. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 9.27
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Code Injection
EUVDB-ID: #VU22784
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-14869
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing Truetype fonts. A remote attacker can trick the use user to open a specially crafted document and execute arbitrary commands on the system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 9.27
External linkshttp://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Heap-based buffer overflow
EUVDB-ID: #VU67506
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27792
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the lp8000_print_page() function in gdevlp8k.c. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 9.27
External linkshttp://bugs.ghostscript.com/show_bug.cgi?id=701844
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7
http://lists.debian.org/debian-lts-announce/2022/09/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
