admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#2851

Browse Source 
Auto-merge PR#2851
This commit is contained in:
CVE Team 2020-01-07 12:00:17 -05:00 committed by GitHub
commit 3709a8a5dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2019/10xxx/CVE-2019-10216.json
View File

@ -19,7 +19,8 @@
"version": {
"version_data": [
{
"version_value": "9.50"
"version_value": "9.50",
"version_affected": "<"
}
]
}
@ -48,6 +49,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216",
"refsource": "CONFIRM"
},
{
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19",
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19",
"refsource": "CONFIRM"
}
]
},
@ -55,7 +61,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
"value": "It was found that in ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
}
]
},