CVE-2019-10216

CWE-6489 documents8 sources

Severity

7.8HIGH

EPSS

0.5%

top 32.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Ghostscript Ghostscript Redhat 3scale API Management +7 more

Timeline

PublishedNov 27

Latest updateMay 24

Description

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDartifex/ghostscript< 9.50

▶Debianghostscript< 9.27~dfsg-3.1+3

▶CVEListV5ghostscript/ghostscriptbefore 9.50

▶NVDredhat/3scale_api_management2.6

▶NVDredhat/enterprise_linux_server7.0

Also affects: Enterprise Linux 5.0, 6.0, 8.0, 7.7

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9xw2-pr37-vhp5: It was found that the↗2022-05-24

▶

CVEList

CVE-2019-10216: In ghostscript before version 9↗2019-11-27

▶

OSV

CVE-2019-10216: In ghostscript before version 9↗2019-11-27

▶

📋Vendor Advisories

Red Hat

ghostscript: -dSAFER escape via .buildfont1 (701394)↗2019-08-12

▶

Ubuntu

Ghostscript vulnerability↗2019-08-12

▶

Debian

CVE-2019-10216: ghostscript - In ghostscript before version 9.50, the .buildfont1 procedure did not properly s...↗2019

▶

💬Community

Bugzilla

CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394) [fedora-all]↗2019-08-12

▶

Bugzilla

CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)↗2019-08-02

▶