Unrated severity · NVD Advisory · Published Nov 27, 2019 · Updated Aug 4, 2024
CVE-2019-10216
Description
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
Affected products
osv-coords (11 versions):
- pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.0 (no CPE), range: < 9.26a-lp150.2.20.1
- pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 9.26a-lp151.3.3.1
- pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed (no CPE), range: < 9.54.0-2.2
- pkg:rpm/opensuse/ghostscript-mini&distro=openSUSE%20Leap%2015.0 (no CPE), range: < 9.26a-lp150.2.20.1
- pkg:rpm/opensuse/ghostscript-mini&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 9.26a-lp151.3.3.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 (no CPE), range: < 9.26a-23.25.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 (no CPE), range: < 9.26a-3.18.2
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 9.26a-3.18.2
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 (no CPE), range: < 9.26a-23.25.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 9.26a-23.25.1
- pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 (no CPE), range: < 9.26a-23.25.1
- Range: before 9.50
Patches
No patches discovered yet.
References
- security.gentoo.org/glsa/202004-03 (mitre, vendor-advisory, x_refsource_GENTOO)
- git.ghostscript.com (mitre, x_refsource_CONFIRM)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)