SB2019081208 - Security restrictions bypass in Ghostscript
Published: August 12, 2019 Updated: June 20, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10216)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to access arbitrary files on the system.
The vulnerability exists due to an error within the .buildfont1 procedure when making privileged secure calls. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it, bypass the ‘-dSAFER’ restrictions and access arbitrary file on the system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14817)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14813)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14812)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14811)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in .pdf_hook_DSC_Creator. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
6) Code Injection (CVE-ID: CVE-2019-14869)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing Truetype fonts. A remote attacker can trick the use user to open a specially crafted document and execute arbitrary commands on the system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Heap-based buffer overflow (CVE-ID: CVE-2020-27792)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the lp8000_print_page() function in gdevlp8k.c. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://bugs.ghostscript.com/show_bug.cgi?id=701394
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216
- http://git.ghostscript.com/?p=ghostpdl.git;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
- http://git.ghostscript.com/?p=ghostpdl.git;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f
- https://bugs.ghostscript.com/show_bug.cgi?id=701844
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7
- https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html