Cedric Buissart (Red Hat) reports:
A flaw was found in, ghostscript versions prior to 9.50, in the
.pdf_hook_DSC_Creator procedure where it did not properly secure
its privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in all ghostscript versions 9.x before 9.50, in
the .setuserparams2 procedure where it did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in ghostscript, versions 9.x before 9.50, in the
setsystemparams procedure where it did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.50, in the
.pdfexectoken and other procedures where it did not properly secure
its privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.