PT-2019-3233 · Artifex+5 · Ghostscript+5

Cedric Buissart

Published

2019-08-02

Updated

2024-06-15

CVE-2019-10216

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ghostscript versions prior to 9.50

Description The issue is related to the .buildfont1 procedure in Ghostscript, which did not properly secure its privileged calls, allowing scripts to bypass -dSAFER restrictions. An attacker could exploit this flaw by creating a specially crafted PostScript file to escalate privileges and access files outside of restricted areas. This could potentially be used to execute arbitrary code in the system.

Recommendations For Ghostscript versions prior to 9.50, update to version 9.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the .buildfont1 procedure until a patch is available. Avoid processing specially crafted PostScript files that could exploit this vulnerability.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-648

Related Identifiers

ALT-PU-2020-2917

ALT-PU-2020-2921

ALT-PU-2020-3124

BDU:2019-03223

CESA-2019_2465

CVE-2019-10216

DLA-1880-1

DSA-4499-1

MGASA-2019-0236

OPENSUSE-SU-2019:2139-1

OPENSUSE-SU-2019:2160-1

OPENSUSE-SU-2019_2139-1

OPENSUSE-SU-2019_2160-1

OPENSUSE-SU-2024:10783-1

RHSA-2019:2462

RHSA-2019:2465

RHSA-2019_2462

RHSA-2019_2465

SUSE-SU-2019:2347-1

SUSE-SU-2019:2348-1

SUSE-SU-2019_2347-1

SUSE-SU-2019_2348-1

USN-4092-1

Affected Products

Alt Linux

Centos

Ghostscript

Red Hat

Suse

Ubuntu

PT-2019-3233 · Artifex+5 · Ghostscript+5

CVE-2019-10216

Weakness Enumeration

Related Identifiers

Affected Products

References · 86