CVE-2019-3838
Summary
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
- LOW
- LOCAL
- NONE
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
References
Advisory Timeline
- Published