In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
References
Link | Resource |
---|---|
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 | Issue Tracking Patch Third Party Advisory |
https://security.gentoo.org/glsa/202004-03 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-11-27T12:10:12
Updated: 2020-04-01T21:06:05
Reserved: 2019-03-27T00:00:00
Link: CVE-2019-10216
JSON object: View
NVD Information
Status : Modified
Published: 2019-11-27T13:15:10.747
Modified: 2023-11-07T03:02:26.903
Link: CVE-2019-10216
JSON object: View
Redhat Information
No data.
CWE