SB2019081208 - Security restrictions bypass in Ghostscript

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10216)

The vulnerability allows a remote attacker to access arbitrary files on the system.

The vulnerability exists due to an error within the .buildfont1 procedure when making privileged secure calls. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it, bypass the ‘-dSAFER’ restrictions and access arbitrary file on the system.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14817)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14813)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14812)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to unrestricted access to .forceput in setuserparams. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.

5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14811)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to unrestricted access to .forceput in .pdf_hook_DSC_Creator. A remote attacker can create a specially crafted PDF file, trick the victim to open it and gain access to arbitrary files on the system.

6) Code Injection (CVE-ID: CVE-2019-14869)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing Truetype fonts. A remote attacker can trick the use user to open a specially crafted document and execute arbitrary commands on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

7) Heap-based buffer overflow (CVE-ID: CVE-2020-27792)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the lp8000_print_page() function in gdevlp8k.c. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://bugs.ghostscript.com/show_bug.cgi?id=701394
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216
• http://git.ghostscript.com/?p=ghostpdl.git;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
• http://git.ghostscript.com/?p=ghostpdl.git;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
• https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f
• https://bugs.ghostscript.com/show_bug.cgi?id=701844
• https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7
• https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html