Artifex Software Ghostscript setsystemparams Procedure Security Bypass Vulnerability

By GIXnews


A vulnerability in Artifex Software Ghostscript could allow an unauthenticated, remote attacker to access or modify data, execute arbitrary commands, or cause a denial of service (DoS) condition on an affected system.

The vulnerability exists because the setsystemparams procedure does not properly secure privileged calls. An attacker could exploit this vulnerability by executing a crafted PostScript file that submits malicious input to the affected system. A successful exploit could allow the attacker to access or modify data, execute arbitrary commands, or cause a DoS condition on the system.

Artifex Software has confirmed the vulnerability and released software updates.

Security Impact Rating: Critical

CVE: CVE-2019-14813

Source:: Cisco Multivendor Vulnerability Alerts