Описание
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
Ссылки
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatch
- Issue TrackingPatch
- Issue TrackingPatch
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatch
- Issue TrackingPatch
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:artifex:afpl_ghostscript:9.10:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00245
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 5.5
ubuntu
больше 8 лет назад
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
CVSS3: 4
redhat
около 12 лет назад
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
CVSS3: 5.5
debian
больше 8 лет назад
The getenv and filenameforall functions in Ghostscript 9.10 ignore the ...
EPSS
Процентиль: 48%
0.00245
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200