CVE-2019-10216: Ghostscript -dSAFER sandbox bypass vulnerabilities alert
Artifex has officially merged a fix for Bug 701394 into the master branch of Ghostscript. The fix addresses CVE-2019-10216. The vulnerability bypasses the Ghostscript security sandbox directly, allowing an attacker to read arbitrary files or execute commands. Ghostscript is widely used by image-processing applications such as ImageMagick, python-matplotlib, and libmagick.
Vulnerability description
It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
Affected version
Ghostscript is the underlying application that many image-processing tools use for format conversion, so every application that calls Ghostscript is affected by the vulnerability, including:
- imagemagick
- libmagick
- graphicsmagick
- gimp
- python-matplotlib
- texlive-core
- texmacs
- latex2html
- latex2rtf
Solution
```xml
<policymap>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />
  <policy domain="coder" rights="none" pattern="PCD" />
</policymap>
```
However, this policy is very loose: it only blocks the formats it lists, so formats not mentioned in it may bypass the restriction.
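One way to check that a deployed ImageMagick-style `<policymap>` actually contains the entries above, as an added example that is not part of the original advisory or of ImageMagick. The function name `audit_policy` and the sample policy are constructed for illustration, and the matching rule is a deliberately conservative assumption rather than ImageMagick's own evaluation logic.

```python
import xml.etree.ElementTree as ET

# Coders named in the policy above.
REQUIRED = ("PS", "EPS", "PDF", "XPS", "PCD")

def audit_policy(xml_text, required=REQUIRED):
    """Return {coder: status}; status is 'blocked', 'allowed' or 'missing'.

    Conservative rule (an assumption of this example, not ImageMagick's
    matcher): a coder counts as blocked only when every
    <policy domain="coder"> entry whose pattern names it exactly has
    rights="none". Glob patterns are ignored, so a wildcard rule is
    never credited as a block.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. typographic quotes pasted from a web page: not valid XML
        raise ValueError(f"policy is not well-formed XML: {exc}") from exc

    seen = {}  # coder name -> list of rights strings found for it
    for pol in root.iter("policy"):
        if pol.get("domain", "").lower() != "coder":
            continue
        name = pol.get("pattern", "").strip().upper()
        seen.setdefault(name, []).append(pol.get("rights", "").strip().lower())

    report = {}
    for coder in required:
        rights = seen.get(coder.upper())
        if not rights:
            report[coder] = "missing"
        elif all(r == "none" for r in rights):
            report[coder] = "blocked"
        else:
            report[coder] = "allowed"
    return report

# Constructed sample: PDF is re-enabled by a later entry; XPS and PCD are absent.
SAMPLE = """<policymap>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="read|write" pattern="PDF" />
</policymap>"""

if __name__ == "__main__":
    for coder, status in audit_policy(SAMPLE).items():
        print(f"{coder:4} {status}")
```

Pass additional coder names through `required` to extend the audit beyond the five formats listed here.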