The .buildfont1 does not sufficiently protect its environment. A specially crafted PostScript script can override the typecheck error handler to retrieve a reference to .forceput. This can be used to disable -dSAFER and, for example, access files outside of the restricted area.
Acknowledgments:
Name: Artifex Software
Upstream: Netanel (Cloudinary)
Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509: https://access.redhat.com/security/cve/cve-2018-16509
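A triage heuristic for untrusted PostScript input, based on the description above. This is an added example, not part of the original report or of Ghostscript. The indicator names come from the report; `classify`, the verdict labels and the sample inputs are constructed for illustration.

```python
import re

# Indicators named in the report: the .buildfont1 and .forceput names, plus the
# typecheck error handler, which PostScript keeps in errordict.
_END = r"(?![A-Za-z0-9_.])"
INDICATORS = {
    "buildfont1": re.compile(r"\.buildfont1" + _END),
    "forceput": re.compile(r"\.forceput" + _END),
    "typecheck_handler": re.compile(r"/typecheck" + _END),
    "errordict": re.compile(r"(?<![A-Za-z0-9_.])errordict" + _END),
}

def strip_comments(ps):
    """Drop %-comments, but keep '%' that sits inside a (string) literal."""
    out, depth, i = [], 0, 0
    while i < len(ps):
        c = ps[i]
        if depth and c == "\\":            # escaped character inside a string
            out.append(ps[i:i + 2]); i += 2
            continue
        if c == "(":
            depth += 1
        elif c == ")" and depth:
            depth -= 1
        elif c == "%" and depth == 0:      # comment runs to end of line
            while i < len(ps) and ps[i] not in "\r\n":
                i += 1
            continue
        out.append(c); i += 1
    return "".join(out)

def classify(ps):
    """Return (verdict, hits). Heuristic only: names can be built at run time,
    so 'clean' is not proof of safety and does not replace the fixed packages."""
    body = strip_comments(ps)
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(body))
    overrides = {"errordict", "typecheck_handler"} <= set(hits)
    if overrides and "buildfont1" in hits:
        return "high", hits                # handler override next to .buildfont1
    return ("review" if hits else "clean"), hits

# Constructed samples: they only carry the indicator tokens.
BENIGN = "%!PS\n/Helvetica findfont 12 scalefont setfont\n(Hello) show showpage\n"
COMMENTED = "%!PS\n% see .buildfont1 and errordict /typecheck\n(100% done) show\n"
HANDLER_ONLY = "%!PS\nerrordict /typecheck { handleerror } put\n"
SUSPECT = "%!PS\nerrordict /typecheck known pop\n/.buildfont1 where { pop } if\n"

if __name__ == "__main__":
    for name in ("BENIGN", "COMMENTED", "HANDLER_ONLY", "SUSPECT"):
        print(name, classify(globals()[name]))
```
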
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1740198]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2462 https://access.redhat.com/errata/RHSA-2019:2462
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2465 https://access.redhat.com/errata/RHSA-2019:2465
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10216
Upstream fix: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
This issue has been addressed in the following products:
3scale API Management 2.6
Via RHSA-2019:2534 https://access.redhat.com/errata/RHSA-2019:2534