CVE-2013-5653

Опубликовано: 21 окт. 2013

Источник: redhat

CVSS3: 4

CVSS2: 4.3

Описание

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, from the target.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	ghostscript	Will not fix
Red Hat OpenShift Enterprise 2	ghostscript	Will not fix
Red Hat Enterprise Linux 6	ghostscript	Fixed	RHSA-2017:0014	04.01.2017
Red Hat Enterprise Linux 7	ghostscript	Fixed	RHSA-2017:0013	04.01.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1380327ghostscript: getenv and filenameforall ignore -dSAFER

4 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2013-5653

CVSS3: 5.5

ubuntu

почти 9 лет назад

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

CVE-2013-5653

CVSS3: 5.5

nvd

почти 9 лет назад

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

CVE-2013-5653

CVSS3: 5.5

debian

почти 9 лет назад

The getenv and filenameforall functions in Ghostscript 9.10 ignore the ...

openSUSE-SU-2016:2855-1

suse-cvrf

около 9 лет назад

Security update for ghostscript

SUSE-SU-2016:2817-1

suse-cvrf

около 9 лет назад

Security update for ghostscript

4 Medium

CVSS3

4.3 Medium

CVSS2