Описание
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
Ссылки
- Issue Tracking
- Mailing List
- Issue Tracking
- Mailing List
Уязвимые конфигурации
EPSS
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
An issue was discovered in Artifex Ghostscript before 10.03.1. Path tr ...
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
Уязвимость файла base/gpmisc.c набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с неправильной проверкой входных данных, позволяющая нарушителю выполнить произвольный код в системе
EPSS
5.3 Medium
CVSS3