vulnerability
Artifex Ghostscript: (CVE-2021-3781) Ghostscript GhostPDL 9.50 through 9.55.0 has insufficient file access protection
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Feb 16, 2022 | Mar 22, 2022 | Nov 1, 2022 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Feb 16, 2022
Added
Mar 22, 2022
Modified
Nov 1, 2022
Description
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Solution
ghostscript-upgrade-9_55

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.