Opened 5 years ago
Closed 5 years ago
#12398 closed enhancement (fixed)
Ghostscript CVE-2019-10216
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 9.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
From redhat https://access.redhat.com/security/cve/cve-2019-10216 (still shown as 'reserved' at Mitre).
It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
CVSS3 base rating 7.3 (high)
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Change History (2)
comment:1 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
r21962