SB2019090215 - Red Hat update for ghostscript
Published: September 2, 2019 Updated: June 20, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14811)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in .pdf_hook_DSC_Creator. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14812)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14813)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14817)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.
Remediation
Install update from vendor's website.