It was found that the .buildfont1 procedure did not...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Nov 27, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Apr 4, 2024
It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass
-dSAFER
restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.References