← Back

CVE-2019-10216

nvd nist
Published: Nov 27, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

Affected (11)

Artifex
1 product
Ghostscript
Redhat
8 products
3scale Api Management
Enterprise Linux
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Server Tus
Enterprise Linux Workstation
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ghostscript
Before 9.50
Configuration B
10 vulnerable
Vulnerable SoftwareAffected Versions
3scale Api Management
Version 2.6
Redhat
Enterprise Linux
Version 5.0
Enterprise Linux
Version 6.0
Enterprise Linux
Version 8.0
Enterprise Linux Desktop
Version 7.0
Enterprise Linux Server
Version 7.0
Enterprise Linux Server Aus
Version 7.7
Enterprise Linux Server Eus
Version 7.7
Enterprise Linux Server Tus
Version 7.7
Enterprise Linux Workstation
Version 7.0

Related CWEs

CWE-648
Incorrect Use of Privileged APIs
The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

References (6)

Source: secalert@redhat.com
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.