Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-33870

Опубликовано: 03 июл. 2024
Источник: debian

Описание

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ghostscriptfixed10.03.1~dfsg~git20240518-1package
ghostscriptnot-affectedbusterpackage

Примечания

  • https://ghostscript.readthedocs.io/en/gs10.03.1/News.html

  • https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1)

  • https://bugs.ghostscript.com/show_bug.cgi?id=707686

Связанные уязвимости

ubuntu логотип

CVE-2024-33870

CVSS3: 6.3
ubuntu
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

redhat логотип

CVE-2024-33870

CVSS3: 6.8
redhat
около 1 года назад

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

nvd логотип

CVE-2024-33870

CVSS3: 6.3
nvd
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

github логотип

GHSA-3xr3-vrm2-6jc7

CVSS3: 6.3
github
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

fstec логотип

BDU:2024-05063

CVSS3: 6.8
fstec
около 1 года назад

Уязвимость интерпретатора набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с ошибками в обработке относительного пути к каталогу, позволяющая нарушителю выполнить произвольный код