Vulnerabilities

CVE-2019-10216

by Fred · 27/11/2019

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

Date published : 2019-11-27

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216

Similar

Tags: Cybersecurity Alert