id summary reporter owner description type status priority milestone component version severity resolution keywords cc 12398 Ghostscript CVE-2019-10216 ken@… ken@… "From redhat [https://access.redhat.com/security/cve/cve-2019-10216] (still shown as 'reserved' at Mitre). It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. CVSS3 base rating 7.3 (high) Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None " enhancement closed high 9.0 BOOK SVN normal fixed