CVE-2019-14812

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Se encontró un fallo en todas las versiones de ghostscript 9.x anteriores a la versión 9.50, en el procedimiento .setuserparams2 donde no aseguraba apropiadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones "-dSAFER". Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios.