Endpoint Vulnerability

CVE-2019-14869ghostscript: -dSAFER escape in .charkeys (701841)

Description

A flaw was found in the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.

Affected Products

ghostscript

References

CVE-2019-14869,