Opened 5 years ago

Closed 5 years ago

#12398 closed enhancement (fixed)

Ghostscript CVE-2019-10216

Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

From redhat https://access.redhat.com/security/cve/cve-2019-10216 (still shown as 'reserved' at Mitre).

It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

CVSS3 base rating 7.3 (high)

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Change History (2)

comment:1 by ken@…, 5 years ago

Owner: changed from blfs-book to ken@…
Status: newassigned

comment:2 by ken@…, 5 years ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.