CVE-2019-14869 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
redhat	CNA	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
artifex	ghostscript	9.00 ≤ 𝑥 < 9.50
opensuse	leap	15.0
opensuse	leap	15.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ghostscript

bullseye	9.53.3~dfsg-7+deb11u7 fixed
bullseye (security)	9.53.3~dfsg-7+deb11u8 fixed
bookworm	10.0.0~dfsg-11+deb12u4 fixed
bookworm (security)	10.0.0~dfsg-11+deb12u5 fixed
sid	10.04.0~dfsg-1 fixed
trixie	10.04.0~dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

ghostscript

eoan	Fixed 9.27~dfsg+0-0ubuntu3.1 released
disco	Fixed 9.26~dfsg+0-0ubuntu7.4 released
bionic	Fixed 9.26~dfsg+0-0ubuntu0.18.04.12 released
xenial	Fixed 9.26~dfsg+0-0ubuntu0.16.04.12 released
trusty	dne

Common Weakness Enumeration

CWE-648 - Incorrect Use of Privileged APIs
The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

http://jvn.jp/en/jp/JVN52486659/index.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html

http://www.openwall.com/lists/oss-security/2019/11/15/1

https://access.redhat.com/errata/RHSA-2020:0222

https://bugs.ghostscript.com/show_bug.cgi?id=701841

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/

https://seclists.org/bugtraq/2019/Nov/27

http://jvn.jp/en/jp/JVN52486659/index.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html

http://www.openwall.com/lists/oss-security/2019/11/15/1

https://access.redhat.com/errata/RHSA-2020:0222

https://bugs.ghostscript.com/show_bug.cgi?id=701841

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/

https://seclists.org/bugtraq/2019/Nov/27