CVEDB API

Vulnerability Details CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.2%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 6.8

References

Products affected by CVE-2019-14869

Artifex » Ghostscript » Version: 9.00

cpe:2.3:a:artifex:ghostscript:9.00
Artifex » Ghostscript » Version: 9.01

cpe:2.3:a:artifex:ghostscript:9.01
Artifex » Ghostscript » Version: 9.02

cpe:2.3:a:artifex:ghostscript:9.02
Artifex » Ghostscript » Version: 9.04

cpe:2.3:a:artifex:ghostscript:9.04
Artifex » Ghostscript » Version: 9.05

cpe:2.3:a:artifex:ghostscript:9.05
Artifex » Ghostscript » Version: 9.06

cpe:2.3:a:artifex:ghostscript:9.06
Artifex » Ghostscript » Version: 9.07

cpe:2.3:a:artifex:ghostscript:9.07
Artifex » Ghostscript » Version: 9.09

cpe:2.3:a:artifex:ghostscript:9.09
Artifex » Ghostscript » Version: 9.10

cpe:2.3:a:artifex:ghostscript:9.10
Artifex » Ghostscript » Version: 9.14

cpe:2.3:a:artifex:ghostscript:9.14
Artifex » Ghostscript » Version: 9.15

cpe:2.3:a:artifex:ghostscript:9.15
Artifex » Ghostscript » Version: 9.16

cpe:2.3:a:artifex:ghostscript:9.16
Artifex » Ghostscript » Version: 9.18

cpe:2.3:a:artifex:ghostscript:9.18
Artifex » Ghostscript » Version: 9.19

cpe:2.3:a:artifex:ghostscript:9.19
Artifex » Ghostscript » Version: 9.20

cpe:2.3:a:artifex:ghostscript:9.20
Artifex » Ghostscript » Version: 9.21

cpe:2.3:a:artifex:ghostscript:9.21
Artifex » Ghostscript » Version: 9.22

cpe:2.3:a:artifex:ghostscript:9.22
Artifex » Ghostscript » Version: 9.23

cpe:2.3:a:artifex:ghostscript:9.23
Artifex » Ghostscript » Version: 9.24

cpe:2.3:a:artifex:ghostscript:9.24
Artifex » Ghostscript » Version: 9.25

cpe:2.3:a:artifex:ghostscript:9.25
Artifex » Ghostscript » Version: 9.26

cpe:2.3:a:artifex:ghostscript:9.26
Artifex » Ghostscript » Version: 9.27

cpe:2.3:a:artifex:ghostscript:9.27
Artifex » Ghostscript » Version: 9.28

cpe:2.3:a:artifex:ghostscript:9.28
Fedoraproject » Fedora » Version: 29

cpe:2.3:o:fedoraproject:fedora:29
Fedoraproject » Fedora » Version: 30

cpe:2.3:o:fedoraproject:fedora:30
Fedoraproject » Fedora » Version: 31

cpe:2.3:o:fedoraproject:fedora:31
Opensuse » Leap » Version: 15.0

cpe:2.3:o:opensuse:leap:15.0
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-14869

Products

Pricing

Contact Us