CVE-2019-10216

Summary

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

Affected Software

VendorProductVersion RangeStatus
ghostscriptghostscriptbefore 9.50affected

Weaknesses

  • CWE-648: CWE-648

ADP Enrichment

CVE Program Container

Additional References

References