In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
References
Link | Resource |
---|---|
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 | Issue Tracking Patch Third Party Advisory |
https://security.gentoo.org/glsa/202004-03 | Third Party Advisory |
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 | Issue Tracking Patch Third Party Advisory |
https://security.gentoo.org/glsa/202004-03 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 04:18
Type | Values Removed | Values Added |
---|---|---|
References | () http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/202004-03 - Third Party Advisory |
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-11-27 13:15
Updated : 2024-11-21 04:18
NVD link : CVE-2019-10216
Mitre link : CVE-2019-10216
CVE.ORG link : CVE-2019-10216
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_server_eus
- enterprise_linux
- enterprise_linux_desktop
- 3scale_api_management
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_workstation
artifex
- ghostscript
CWE