VDB

ALPINE-CVE-2019-14869

ALPINE-CVE-2019-14869 PUBLISHED CVSS 8.800000190734863 HIGH

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.9ghostscript9.26-r4, 9.26-r3, 9.26-r2
Alpine:v3.10ghostscript9.27-r3, 9.27-r2, 9.27-r1
Alpine:v3.12ghostscript9.00-r2, 9.27-r4, 9.27-r3
Alpine:v3.21ghostscript0, 8.64-r0, 8.71-r0
Alpine:v3.22ghostscript9.16-r0, 9.27-r4, 9.27-r3
Alpine:v3.20ghostscript9.27-r4, 9.27-r3, 9.27-r2
Alpine:v3.15ghostscript0, 8.64-r0, 8.71-r1
Alpine:v3.18ghostscript9.16-r1, 0, 8.64-r0
Alpine:v3.13ghostscript0, 8.64-r0, 8.70-r0
Alpine:v3.14ghostscript9.27-r4, 0, 8.64-r0
Alpine:v3.16ghostscript9.27-r4, 0, 8.64-r0
Alpine:v3.23ghostscript9.27-r4, 8.64-r0, 8.71-r1
Alpine:v3.11ghostscript9.27-r4, 0, 8.64-r0
Alpine:v3.19ghostscript0, 8.64-r0, 8.70-r0
Alpine:v3.17ghostscript0, 9.27-r4, 9.27-r3

Timeline

  • Nov 15, 2019 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›