#12398: Ghostscript CVE-2019-10216
-------------------------+-----------------------
 Reporter:  ken@…        |       Owner:  blfs-book
     Type:  enhancement  |      Status:  new
 Priority:  high         |   Milestone:  9.0
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |    Keywords:
-------------------------+-----------------------
 From redhat [https://access.redhat.com/security/cve/cve-2019-10216]
 (still shown as 'reserved' at Mitre).

 It was found that the .buildfont1 procedure did not properly secure its
 privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An
 attacker could abuse this flaw by creating a specially crafted PostScript
 file that could escalate privileges and access files outside of restricted
 areas.

 CVSS3 base rating 7.3 (high)
 Attack Vector: Network
 Attack Complexity: Low
 Privileges Required: None
 User Interaction: None

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12398>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch