CVE-2019-14811 PoC — Artifex Software Ghostscript Permissions, Privileges, and Access Control Vulnerability

Associated Vulnerability
Title: Artifex Software Ghostscript Permissions, Privileges, and Access Control Vulnerability (CVE-2019-14811)
Description: A flaw was found in ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Description
This exploit targets CVE-2019-14811 in GS environments where the PostScript is executed but its output is not reflected, such as PDF previews rendered as PNG images.
Readme
# CVE-2019-14811 GhostScript PDF preview Exploit PoC

This exploit targets CVE-2019-14811 in GS environments where the PostScript is executed but its output is not reflected, such as PDF previews rendered as PNG images.

The exploit renders commands directly in the (pngXXm) preview. It is based on https://github.com/hhc0null/GhostRule/blob/master/ghostrule1.ps.

The `-dSAFER` restriction gets overridden to allow execution of arbitrary commands using `.forceput` via `.pdf_hook_DSC_Creator`. See screenshot below.

![Showcase](images/showcase.png)
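
For defenders running a preview pipeline like the one described above, a pre-render triage check can look like the following. This is an added example, not code from the PoC repository: the function names, the `SAMPLE` bytes and the reject/defer/render policy are assumptions, while the two indicator names and the 9.50 threshold come from the page.

```python
import re

# Names taken from the page: the procedure at fault and the operator it reaches.
INDICATORS = (b".pdf_hook_DSC_Creator", b".forceput")
FIXED_IN = (9, 50)  # the page states versions prior to 9.50 are affected

# Constructed sample: carries one of the names only, it is not a working file.
SAMPLE = (b"%!PS-Adobe-3.0\n"
          b"% constructed sample for the scanner\n"
          b"/.pdf_hook_DSC_Creator where { pop } if\n")


def gs_is_affected(version: str) -> bool:
    """True if a `gs --version` string such as '9.27' is older than 9.50."""
    m = re.match(r"\s*(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Ghostscript version: {version!r}")
    return (int(m.group(1)), int(m.group(2))) < FIXED_IN


def find_indicators(data: bytes) -> list:
    """Return (line_number, name) for every indicator found in the raw bytes.

    Heuristic only: compressed PDF streams and obfuscated PostScript names are
    not decoded, so an empty result does not prove a file is harmless.
    """
    hits = []
    for lineno, line in enumerate(data.splitlines(), 1):
        hits += [(lineno, name.decode()) for name in INDICATORS if name in line]
    return hits


def triage(data: bytes, gs_version: str) -> str:
    """Hypothetical policy: 'reject', 'defer' (patch renderer first) or 'render'."""
    if find_indicators(data):
        return "reject"   # assumption: uploads never need Ghostscript internals
    if gs_is_affected(gs_version):
        return "defer"    # scan is heuristic, so never trust it on gs < 9.50
    return "render"


if __name__ == "__main__":
    print(find_indicators(SAMPLE), triage(SAMPLE, "9.27"))
```
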
File Snapshot

[4.0K] /data/pocs/10871e2fc21e0ccd9c2d41174c3c7b47caddd49a
├── [3.7K] exploit.pdf
├── [2.9K] exploit.ps
├── [4.0K] images
│   └── [345K] showcase.png
└── [ 518] README.md

1 directory, 4 files