Ghostscript -- Security bypass vulnerability

2019-03-21T00:00:00
ID 5ED7102E-6454-11E9-9A3A-001CC0382B2F
Type freebsd
Reporter FreeBSD
Modified 2019-03-21T00:00:00

Description

Cedric Buissart (Red Hat) reports:

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.