In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
artifex ghostscript |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux 6.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux 5.0 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux server eus 7.7 |
||
redhat enterprise linux server aus 7.7 |
||
redhat enterprise linux server tus 7.7 |
||
redhat 3scale api management 2.6 |