Описание
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:aladdin_enterprises:ghostscript:4.3:*:*:*:*:*:*:*
cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10:*:*:*:*:*:*:*
cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.15:*:*:*:*:*:*:*
cpe:2.3:a:aladdin_enterprises:ghostscript:5.10cl:*:*:*:*:*:*:*
cpe:2.3:a:aladdin_enterprises:ghostscript:5.50:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00086
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
EPSS
Процентиль: 26%
0.00086
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other