Описание
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ghostscript | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | ghostscript | Will not fix | ||
| Red Hat Enterprise Linux 6 | ghostscript | Fixed | RHSA-2017:0014 | 04.01.2017 |
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2017:0013 | 04.01.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.2 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
EPSS
6.2 Medium
CVSS3
4.3 Medium
CVSS2