oss-sec mailing list archives
Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1
From: Cedric Buissart <cbuissar () redhat com>
Date: Tue, 13 Aug 2019 09:49:19 +0200
On Mon, Aug 12, 2019 at 4:48 PM Bob Friesenhahn <bfriesen () simple dallas tx us> wrote:
Is it known if this issue also impacts the PDF reader? I see that the involved code is Resource/Init/gs_type1.ps which is presumably related to Postscript Type 1 fonts, which might be included in a PDF file.
My personal experience so far is that vulnerabilities requiring to modify error handlers do not work when embedded in a PDF. That being said, maybe I do it wrong and there might be other ways. I didn't have an attempt with that one so far.
Bob -- Bob Friesenhahn bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/ Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt
-- Cedric Buissart, Product Security
Current thread:
- ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Cedric Buissart (Aug 12)
- Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Bob Friesenhahn (Aug 12)
- Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Cedric Buissart (Aug 13)
- Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Bob Friesenhahn (Aug 12)