Описание
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 9.19~dfsg+1-0ubuntu8 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [9.10~dfsg-0ubuntu10.7]] |
| esm-infra/xenial | released | 9.18~dfsg~0-0ubuntu2.4 |
| precise | released | 9.05~dfsg-0ubuntu4.5 |
| precise/esm | DNE | precise was released [9.05~dfsg-0ubuntu4.5] |
| trusty | released | 9.10~dfsg-0ubuntu10.7 |
| trusty/esm | DNE | trusty was released [9.10~dfsg-0ubuntu10.7] |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remot ...
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3