CVE-2019-10216

Published: 12 Aug 2019
Source: redhat
CVSS3: 7.3
EPSS: Low

Description

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

Mitigation

Please refer to the "Mitigation" section of CVE-2018-16509: https://access.redhat.com/security/cve/cve-2018-16509

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | ghostscript | Out of support scope | | |
| Red Hat Enterprise Linux 6 | ghostscript | Out of support scope | | |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/3scale-operator | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/apicast-gateway | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/backend | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/operator | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/toolbox | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/zync | Fixed | RHSA-2019:2534 | 21.08.2019 |
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2019:2462 | 12.08.2019 |
| Red Hat Enterprise Linux 8 | ghostscript | Fixed | RHSA-2019:2465 | 12.08.2019 |

Additional information

Status: Important
Weakness: CWE-648
Bugzilla: ghostscript: -dSAFER escape via .buildfont1 (701394): https://bugzilla.redhat.com/show_bug.cgi?id=1737080

EPSS: 0.00526 (percentile: 66%), Low

CVSS3: 7.3 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 6 years ago

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

CVSS3: 7.8
nvd
about 6 years ago

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

CVSS3: 7.8
debian
about 6 years ago

In ghostscript before version 9.50, the .buildfont1 procedure did not ...

suse-cvrf
more than 6 years ago

Security update for ghostscript

suse-cvrf
more than 6 years ago

Security update for ghostscript