Ghostscript .pdf_hook_DSC_Creator Procedure Security Bypass Vulnerability

By GIXnews


A vulnerability in Artifex Software Ghostscript could allow an unauthenticated, local attacker to access or modify data, execute arbitrary commands, or cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists because the .pdf_hook_DSC_Creator procedure does not properly secure privileged calls. An attacker could exploit this vulnerability by executing a crafted PostScript file that submits malicious input to the targeted system. A successful exploit could allow the attacker to access or modify data, execute arbitrary commands, or cause a DoS condition on the system.

Artifex Software has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-14811

Source:: Cisco Multivendor Vulnerability Alerts