#VU20059 Permissions, Privileges, and Access Controls in Ghostscript


Published: 2019-08-12 | Updated: 2022-07-18

Vulnerability identifier: #VU20059

Vulnerability risk: Low

CVSSv3.1: 2.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10216

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Ghostscript
Universal components / Libraries / Libraries used by multiple products

Vendor: Artifex Software, Inc.

Description

The vulnerability allows a remote attacker to access arbitrary files on the system.

The vulnerability exists due to an error within the .buildfont1 procedure when making privileged secure calls. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it, bypass the ‘-dSAFER’ restrictions and access arbitrary files on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Ghostscript: 9.00 - 9.27
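
To check a host against the affected range listed above, the following shell functions can be used. This is an added example, not part of the original advisory or vendor tooling. The function names are illustrative, and it assumes `gs --version` prints the upstream version number; distribution packages may backport the fix without changing that number, so a match means "verify the package changelog".

```shell
#!/bin/sh
# Added example: compare a Ghostscript version string with the affected
# range stated in this advisory (9.00 - 9.27). Function names are illustrative.

# Strip leading zeros so "08" is compared as decimal 8, not parsed as octal.
_gs_num() {
    n=$1
    while [ "${n#0}" != "$n" ]; do n=${n#0}; done
    echo "${n:-0}"
}

# Returns 0 if affected, 1 if outside the range, 2 if the string is unparsable.
gs_version_affected() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;   # empty, non-numeric, stray dots
    esac
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && return 2            # no minor component, e.g. "9"
    major=$(_gs_num "${ver%%.*}")
    minor=$(_gs_num "${rest%%.*}")
    if [ "$major" -eq 9 ] && [ "$minor" -le 27 ]; then return 0; fi
    return 1
}

# Report on the locally installed interpreter, if any.
check_installed_gs() {
    command -v gs >/dev/null 2>&1 || { echo "gs not found in PATH"; return 3; }
    v=$(gs --version 2>/dev/null)
    rc=0
    gs_version_affected "$v" || rc=$?
    case $rc in
        0) echo "Ghostscript $v: in affected range 9.00 - 9.27; update or confirm a vendor backport" ;;
        1) echo "Ghostscript $v: outside affected range" ;;
        *) echo "Ghostscript version '$v' not recognised" ;;
    esac
    return "$rc"
}

# Run the local check only when invoked as: script --check
if [ "${1:-}" = "--check" ]; then check_installed_gs; fi
```
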


External links
http://bugs.ghostscript.com/show_bug.cgi?id=701394
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

