ID CVE-2019-10216
Summary In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.27:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.27:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.28:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.28:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:3scale_api_management:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:3scale_api_management:2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 30-09-2020 - 18:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1737080
    title CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment ghostscript is earlier than 0:9.25-2.el7_7.1
            oval oval:com.redhat.rhsa:tst:20192462001
          • comment ghostscript is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095009
        • AND
          • comment ghostscript-cups is earlier than 0:9.25-2.el7_7.1
            oval oval:com.redhat.rhsa:tst:20192462003
          • comment ghostscript-cups is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170013004
        • AND
          • comment ghostscript-doc is earlier than 0:9.25-2.el7_7.1
            oval oval:com.redhat.rhsa:tst:20192462005
          • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095013
        • AND
          • comment ghostscript-gtk is earlier than 0:9.25-2.el7_7.1
            oval oval:com.redhat.rhsa:tst:20192462007
          • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095015
        • AND
          • comment libgs is earlier than 0:9.25-2.el7_7.1
            oval oval:com.redhat.rhsa:tst:20192462009
          • comment libgs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971016
        • AND
          • comment libgs-devel is earlier than 0:9.25-2.el7_7.1
            oval oval:com.redhat.rhsa:tst:20192462011
          • comment libgs-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971018
    rhsa
    id RHSA-2019:2462
    released 2019-08-12
    severity Important
    title RHSA-2019:2462: ghostscript security update (Important)
  • bugzilla
    id 1737080
    title CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment ghostscript is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465001
          • comment ghostscript is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095009
        • AND
          • comment ghostscript-debugsource is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465003
          • comment ghostscript-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971004
        • AND
          • comment ghostscript-doc is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465005
          • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095013
        • AND
          • comment ghostscript-tools-dvipdf is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465007
          • comment ghostscript-tools-dvipdf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971008
        • AND
          • comment ghostscript-tools-fonts is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465009
          • comment ghostscript-tools-fonts is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971010
        • AND
          • comment ghostscript-tools-printing is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465011
          • comment ghostscript-tools-printing is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971012
        • AND
          • comment ghostscript-x11 is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465013
          • comment ghostscript-x11 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971014
        • AND
          • comment libgs is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465015
          • comment libgs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971016
        • AND
          • comment libgs-devel is earlier than 0:9.25-2.el8_0.2
            oval oval:com.redhat.rhsa:tst:20192465017
          • comment libgs-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190971018
    rhsa
    id RHSA-2019:2465
    released 2019-08-12
    severity Important
    title RHSA-2019:2465: ghostscript security update (Important)
rpms
  • ghostscript-0:9.25-2.el7_7.1
  • ghostscript-cups-0:9.25-2.el7_7.1
  • ghostscript-debuginfo-0:9.25-2.el7_7.1
  • ghostscript-doc-0:9.25-2.el7_7.1
  • ghostscript-gtk-0:9.25-2.el7_7.1
  • libgs-0:9.25-2.el7_7.1
  • libgs-devel-0:9.25-2.el7_7.1
  • ghostscript-0:9.25-2.el8_0.2
  • ghostscript-debuginfo-0:9.25-2.el8_0.2
  • ghostscript-debugsource-0:9.25-2.el8_0.2
  • ghostscript-doc-0:9.25-2.el8_0.2
  • ghostscript-gtk-debuginfo-0:9.25-2.el8_0.2
  • ghostscript-tools-dvipdf-0:9.25-2.el8_0.2
  • ghostscript-tools-fonts-0:9.25-2.el8_0.2
  • ghostscript-tools-printing-0:9.25-2.el8_0.2
  • ghostscript-x11-0:9.25-2.el8_0.2
  • ghostscript-x11-debuginfo-0:9.25-2.el8_0.2
  • libgs-0:9.25-2.el8_0.2
  • libgs-debuginfo-0:9.25-2.el8_0.2
  • libgs-devel-0:9.25-2.el8_0.2
refmap via4
confirm
gentoo GLSA-202004-03
Last major update 30-09-2020 - 18:17
Published 27-11-2019 - 13:15
Last modified 30-09-2020 - 18:17
Back to Top