Endpoint Vulnerability

CVE-2019-10216ghostscript: -dSAFER escape via .buildfont1 (701394)

Description

It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

Affected Products

ghostscript

References

CVE-2019-10216,