CVE-2019-10216
Published: 12 August 2019
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
From the Ubuntu Security Team
Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Released
(9.26~dfsg+0-0ubuntu0.18.04.10)
|
disco |
Released
(9.26~dfsg+0-0ubuntu7.2)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Released
(9.26~dfsg+0-0ubuntu0.16.04.10)
|
|
Patches: upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |