Описание
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
Ссылки
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatch
- Issue TrackingPatch
- Issue TrackingPatch
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatch
- Issue TrackingPatch
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:artifex:afpl_ghostscript:9.10:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00253
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 5.5
ubuntu
почти 9 лет назад
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
CVSS3: 4
redhat
больше 12 лет назад
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
CVSS3: 5.5
debian
почти 9 лет назад
The getenv and filenameforall functions in Ghostscript 9.10 ignore the ...
EPSS
Процентиль: 48%
0.00253
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200