Published: 27/11/2019 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex ghostscript
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux 6.0
redhat enterprise linux server 7.0
redhat enterprise linux 5.0
redhat enterprise linux 8.0
redhat enterprise linux server eus 7.7
redhat enterprise linux server aus 7.7
redhat enterprise linux server tus 7.7
redhat 3scale api management 2.6

Debian Bug report logs - #934638 ghostscript: CVE-2019-10216 Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 12 Aug 2019 19:30:02 UTC Severity: grave Tags: patch, security, upstream F ...

Ghostscript could be made to access files if it opened a specially crafted file ...

Synopsis Important: ghostscript security update Type/Severity Security Advisory: Important Topic An update for ghostscript is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...

Synopsis Important: ghostscript security update Type/Severity Security Advisory: Important Topic An update for ghostscript is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...

Synopsis Important: Red Hat 3scale API Management 260 release and security update Type/Severity Security Advisory: Important Topic A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container CatalogRed Hat Product Security has rated this update as having a sec ...

Netanel reported that the buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox For the oldstable distribution (stretch), this problem has been fixed in version 926a~dfsg-0+deb9u4 For the stable distribu ...

Impact: Important Public Date: 2019-08-12 CWE: CWE-648 Bugzilla: 1737080: CVE-2019-10216 ghostscript: - ...

Some exploits to bypass Safer Mode in Ghostscript

GhostRule This is a series of exploits that bypass SAFER mode of Ghostscript Ghostscript <= 92x The PoC codes shown below allow you to get command execution or file I/O at the privilege of the process even if Ghostscript is running on SAFER mode However, all of them bypass the protection by overwriting the security flags in systemdict therefore they have no longer eff

NVD-CWE-Other https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 https://security.gentoo.org/glsa/202004-03 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934638 https://usn.ubuntu.com/4092-1/https://nvd.nist.gov

CVE-2019-10216

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect