In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER
restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
{ "binaries": [ { "binary_name": "ghostscript", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "ghostscript-dbg", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "ghostscript-dbgsym", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "ghostscript-doc", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "ghostscript-x", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "ghostscript-x-dbgsym", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "libgs-dev", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "libgs-dev-dbgsym", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "libgs9", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "libgs9-common", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" }, { "binary_name": "libgs9-dbgsym", "binary_version": "9.26~dfsg+0-0ubuntu0.16.04.10" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "ghostscript", "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.10" }, { "binary_name": "ghostscript-dbg", "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.10" }, { "binary_name": "ghostscript-doc", "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.10" }, { "binary_name": "ghostscript-x", "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.10" }, { "binary_name": "libgs-dev", "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.10" }, { "binary_name": "libgs9", "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.10" }, { "binary_name": "libgs9-common", "binary_version": "9.26~dfsg+0-0ubuntu0.18.04.10" } ], "availability": "No subscription required" }