CVE-2019-14813

9.8 CRITICAL

📋 TL;DR

This vulnerability in Ghostscript versions 9.x before 9.50 allows specially crafted PostScript files to bypass the -dSAFER security sandbox. Attackers can gain file system access or execute arbitrary commands. Any system processing untrusted PostScript files with vulnerable Ghostscript is affected.

💻 Affected Systems

Products:
  • Ghostscript
  • Applications using Ghostscript libraries (ImageMagick, LibreOffice, etc.)
Versions: 9.x versions before 9.50
Operating Systems: Linux, Windows, macOS, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using Ghostscript to render PostScript/PDF files is vulnerable when processing untrusted input.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: File system access allowing data exfiltration or privilege escalation.

🟢 If Mitigated: Limited impact if proper input validation and sandboxing are enforced.

🌐 Internet-Facing: HIGH - Web applications processing user-uploaded PostScript files are directly exposed.
🏢 Internal Only: MEDIUM - Internal systems processing documents from untrusted sources remain vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires delivering a malicious PostScript file to a vulnerable system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.50 or later

Vendor Advisory: https://access.redhat.com/errata/RHSA-2019:2594

Restart Required: No

Instructions:

1. Update Ghostscript to version 9.50 or later using your package manager.
2. For Linux: 'sudo apt update && sudo apt upgrade ghostscript' (Debian/Ubuntu) or 'sudo yum update ghostscript' (RHEL/CentOS).
3. Verify the update with 'gs --version'.
4. Update any applications that bundle Ghostscript libraries.

🔧 Temporary Workarounds

Disable PostScript processing

Platforms: all

Configure applications to disable Ghostscript processing of PostScript files.

For ImageMagick: edit policy.xml to disable the PS, EPS and PDF coders, the formats it hands to Ghostscript.

Use -dSAFER with additional restrictions

Platforms: all

This vulnerability bypasses -dSAFER, so the flag on its own is not a mitigation; apply stricter sandboxing around the Ghostscript process where possible.

gs -dSAFER -dNOPAUSE -dBATCH -sDEVICE=... input.ps

🧯 If You Can't Patch

  • Isolate systems processing untrusted documents in a restricted network segment.
  • Implement strict file upload validation to block PostScript files or sanitize inputs.
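
One way to implement the upload validation above, as an added example that is not part of the original advisory: an allow-list gate that classifies files by their leading bytes instead of their name, so PostScript, EPS or PDF content saved under an image extension is still rejected. The function names (sniff, accept_upload), the accepted formats and the signature lists are assumptions chosen for illustration.

```python
# Added example (not from the advisory): content-based gate for uploads.
# The signature lists are assumptions based on common file magics.
ALLOWED = {                       # formats this hypothetical service accepts
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
GS_PREFIXES = {                   # formats image pipelines pass to Ghostscript
    "postscript": b"%!",                 # PostScript / text EPS header
    "eps-binary": b"\xc5\xd0\xd3\xc6",   # DOS EPS binary header
}
PDF_MARK = b"%PDF-"
SKIP = b"\x04\xef\xbb\xbf \t\r\n"  # Ctrl-D, UTF-8 BOM bytes, whitespace


def sniff(data: bytes) -> str:
    """Classify by content only; the file name and extension are never used."""
    head = data[:1024]
    body = head.lstrip(SKIP)      # leading bytes a strict prefix check would miss
    for name, magic in GS_PREFIXES.items():
        if body.startswith(magic):
            return name
    if PDF_MARK in head:          # many PDF readers accept bytes before the marker
        return "pdf"
    for name, magic in ALLOWED.items():
        if head.startswith(magic):
            return name
    return "unknown"


def accept_upload(data: bytes) -> bool:
    """Allow-list decision: reject anything not positively identified."""
    return sniff(data) in ALLOWED


# Constructed sample inputs (file name -> leading bytes).
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "avatar.jpg": b"%!PS-Adobe-3.0\n",   # PostScript behind an image name
    "scan.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "report.pdf": b"%PDF-1.4\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} {sniff(data):11} accept={accept_upload(data)}")
```

This gate only helps pipelines that choose a decoder from file content; a service that passes every upload straight to gs still needs the patch or process isolation.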

🔍 How to Verify

Check if Vulnerable:

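Run 'gs --version' and check if version is below 9.50. Distribution packages can carry backported fixes under an older upstream version number, so also confirm the package against the distribution's advisory.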

Check Version:

gs --version

Verify Fix Applied:

Confirm 'gs --version' returns 9.50 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Ghostscript process execution patterns
  • Errors from PostScript file processing

Network Indicators:

  • Unexpected outbound connections from document processing servers

SIEM Query:

process_name:"gs" AND (command_line:"-dSAFER" OR command_line:"PostScript")
