CVE-2019-10216

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10216

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10216.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10216

Downstream

ALPINE-CVE-2019-10216

BELL-CVE-2019-10216

DEBIAN-CVE-2019-10216

DLA-1880-1

DSA-4499-1

RHSA-2019:2462

RHSA-2019:2465

SUSE-SU-2019:2347-1

SUSE-SU-2019:2348-1

UBUNTU-CVE-2019-10216

USN-4092-1

openSUSE-SU-2019:2139-1

openSUSE-SU-2019:2160-1

openSUSE-SU-2024:10783-1

Related

Published

2019-11-27T13:15:10Z

Modified

2026-02-04T23:45:00.739960Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

References

Affected packages