GHSA-rmm8-wf49-vvww

Опубликовано: 25 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

Ссылки

EPSS

Процентиль: 38%

0.00168

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2025-27837

Дефекты

CWE-22

Связанные уязвимости

CVE-2025-27837

CVSS3: 9.8

ubuntu

6 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

CVE-2025-27837

CVSS3: 5.3

redhat

6 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

CVE-2025-27837

CVSS3: 9.8

nvd

6 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

CVE-2025-27837

CVSS3: 9.8

debian

6 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.05.0. Access ...

BDU:2025-03708

CVSS3: 9.8

fstec

8 месяцев назад

Уязвимость функции gp_open_scratch_file_impl() файлов base/gp_mswin.c и base/winrtsup.cpp набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю читать произвольные файлы

EPSS

Процентиль: 38%

0.00168

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2025-27837

Дефекты

CWE-22