Opened 5 years ago
Closed 5 years ago
#12398 closed enhancement (fixed)
Ghostscript CVE-2019-10216
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | high | Milestone: | 9.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
From redhat https://access.redhat.com/security/cve/cve-2019-10216 (still shown as 'reserved' at Mitre).
It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER
restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
CVSS3 base rating 7.3 (high)
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Change History (2)
comment:1 by , 5 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 5 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
r21962