VDB

ALPINE-CVE-2019-14812

ALPINE-CVE-2019-14812 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Risk Scores

CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.13ghostscript9.27-r2, 9.27-r1, 9.27-r0
Alpine:v3.17ghostscript9.20-r0, 9.20-r1, 9.21-r0
Alpine:v3.12ghostscript9.19-r0, 0, 8.64-r0
Alpine:v3.9ghostscript0, 9.26-r3, 9.26-r2
Alpine:v3.14ghostscript9.09-r0, 9.09-r1, 9.10-r0
Alpine:v3.8ghostscript9.00-r0, 0, 8.64-r0
Alpine:v3.18ghostscript9.06-r1, 9.06-r0, 9.05-r1
Alpine:v3.11ghostscript9.22-r0, 9.21-r1, 9.21-r0
Alpine:v3.22ghostscript9.21-r3, 9.21-r2, 9.21-r1
Alpine:v3.16ghostscript9.06-r2, 0, 8.70-r0
Alpine:v3.7ghostscript9.21-r0, 9.00-r2, 9.06-r2
Alpine:v3.20ghostscript9.05-r1, 9.27-r2, 9.27-r1
Alpine:v3.21ghostscript9.05-r1, 0, 8.64-r0
Alpine:v3.10ghostscript9.05-r0, 9.27-r2, 9.27-r1
Alpine:v3.15ghostscript8.64-r0, 8.70-r0, 8.71-r0
Alpine:v3.23ghostscript9.26-r0, 9.27-r2, 9.27-r1
Alpine:v3.19ghostscript9.09-r0, 0, 8.64-r0

Timeline

  • Nov 27, 2019 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›