Artifex Software Ghostscript .setuserparams2 Procedure Security Bypass Vulnerability

By GIXnews


A vulnerability in Artifex Software Ghostscript could allow an unauthenticated, remote attacker to access or modify data, or execute arbitrary commands on an affected system.

The vulnerability exists because the .setuserparams2 procedure does not properly secure privileged calls. An attacker could exploit this vulnerability by executing a crafted PostScript file that submits malicious input to the affected system. A successful exploit could allow the attacker to access or modify data, or execute arbitrary commands on the system.

Artifex Software has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-14812

Source:: Cisco Multivendor Vulnerability Alerts