Incorrect Use of Privileged APIs
CVE-2019-3838
Summary
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
- LOW
- LOCAL
- NONE
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-648 - Incorrect Use of Privileged APIs
The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
References
Advisory Timeline
- Published