CVE-2019-10216

Published: Nov 27, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-2231 Aliases: GSD-2019-10216
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
MEDIUM 6,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0053
Percentile
0,7th
Updated

EPSS Score Trend (Last 90 Days)

648

Incorrect Use of Privileged APIs

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Integrity Availability
Potential Impacts:
Gain Privileges Or Assume Identity Read Application Data Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Low
View CWE Details
Operating System

Enterprise Linux Server Tus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Tus
Version 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 5.0
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Ghostscript by Artifex

Product Information
Vendor Artifex
Product Ghostscript
Version Range Affected
To 9.50 (exclusive)
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Eus
Version 7.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Desktop by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Desktop
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Workstation by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Workstation
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

3Scale Api Management by Redhat

Product Information
Vendor Redhat
Product 3Scale Api Management
Version 2.6
cpe:2.3:a:redhat:3scale_api_management:2.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3…
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216
Issue Tracking Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216
https://security.gentoo.org/glsa/202004-03
Third Party Advisory
https://security.gentoo.org/glsa/202004-03
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3…
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216
Issue Tracking Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216
https://security.gentoo.org/glsa/202004-03
Third Party Advisory
https://security.gentoo.org/glsa/202004-03