CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-3781

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile14.65th
Published2022年2月16日
Last Modified2024年11月21日

Vulnerability Description

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Affected Platforms (CPE)

📦
Artifex

Ghostscript

= 9.50
📦
Artifex

Ghostscript

= 9.52
📦
Artifex

Ghostscript

= 9.53.3
📦
Artifex

Ghostscript

= 9.54.0
💻
Fedoraproject

Fedora

= 34

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=2002271
🔗 https://ghostscript.com/CVE-2021-3781.html
🔗 https://security.gentoo.org/glsa/202211-11
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=2002271
🔗 https://ghostscript.com/CVE-2021-3781.html
🔗 https://security.gentoo.org/glsa/202211-11

相關漏洞威脅

CVE-2020-276059.8

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks...

CVE-2020-159009.8

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow over...

CVE-2019-148139.8

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its p...

CVE-2020-367739.8

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) becaus...