{"containers": {"cna": {"affected": [{"product": "ghostscript", "vendor": "ghostscript", "versions": [{"status": "affected", "version": "before 9.50"}]}], "descriptions": [{"lang": "en", "value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-648", "description": "CWE-648", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-01T21:06:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"}, {"name": "GLSA-202004-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202004-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-10216", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ghostscript", "version": {"version_data": [{"version_value": "before 9.50"}]}}]}, "vendor_name": "ghostscript"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."}]}, "impact": {"cvss": [[{"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-648"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"}, {"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19", "refsource": "CONFIRM", "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19"}, {"name": "GLSA-202004-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202004-03"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:17:18.936Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"}, {"name": "GLSA-202004-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202004-03"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10216", "datePublished": "2019-11-27T12:10:12", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:17:18.936Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F129EB4-EEB2-46F1-8DAA-E016D7EE1356", "versionEndExcluding": "9.50", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:3scale_api_management:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "923249F9-2CEB-4CC8-B72C-71617B057280", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."}, {"lang": "es", "value": "En ghostscript anterior a la versi\u00f3n 9.50, el procedimiento .buildfont1 no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts eludieran las restricciones `-dSAFER`. Un atacante podr\u00eda abusar de esta fallo  al crear un archivo PostScript especialmente dise\u00f1ado que podr\u00eda escalar privilegios y acceder a archivos fuera de las \u00e1reas restringidas."}], "id": "CVE-2019-10216", "lastModified": "2024-11-21T04:18:40.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-27T13:15:10.747", "references": [{"source": "secalert@redhat.com", "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202004-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202004-03"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-648"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Netanel (Cloudinary) as the original reporter.", "affected_release": [{"advisory": "RHSA-2019:2534", "cpe": "cpe:/a:redhat:3scale_amp:2", "package": "3scale-amp26/3scale-operator:1.9-7", "product_name": "3scale API Management 2.6 on RHEL 7", "release_date": "2019-08-21T00:00:00Z"}, {"advisory": "RHSA-2019:2534", "cpe": "cpe:/a:redhat:3scale_amp:2", "package": "3scale-amp26/apicast-gateway:1.15-9", "product_name": "3scale API Management 2.6 on RHEL 7", "release_date": "2019-08-21T00:00:00Z"}, {"advisory": "RHSA-2019:2534", "cpe": "cpe:/a:redhat:3scale_amp:2", "package": "3scale-amp26/backend:1.9-24", "product_name": "3scale API Management 2.6 on RHEL 7", "release_date": "2019-08-21T00:00:00Z"}, {"advisory": "RHSA-2019:2534", "cpe": "cpe:/a:redhat:3scale_amp:2", "package": "3scale-amp26/operator:1.9-7", "product_name": "3scale API Management 2.6 on RHEL 7", "release_date": "2019-08-21T00:00:00Z"}, {"advisory": "RHSA-2019:2534", "cpe": "cpe:/a:redhat:3scale_amp:2", "package": "3scale-amp26/toolbox:1.2-5", "product_name": "3scale API Management 2.6 on RHEL 7", "release_date": "2019-08-21T00:00:00Z"}, {"advisory": "RHSA-2019:2534", "cpe": "cpe:/a:redhat:3scale_amp:2", "package": "3scale-amp26/zync:1.9-28", "product_name": "3scale API Management 2.6 on RHEL 7", "release_date": "2019-08-21T00:00:00Z"}, {"advisory": "RHSA-2019:2462", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ghostscript-0:9.25-2.el7_7.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-12T00:00:00Z"}, {"advisory": "RHSA-2019:2465", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ghostscript-0:9.25-2.el8_0.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-08-12T00:00:00Z"}], "bugzilla": {"description": "ghostscript: -dSAFER escape via .buildfont1 (701394)", "id": "1737080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737080"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-648", "details": ["In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.", "It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."], "mitigation": {"lang": "en:us", "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509"}, "name": "CVE-2019-10216", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-08-12T13:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10216\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10216"], "threat_severity": "Important"}