Описание
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 9.26~dfsg+0-0ubuntu0.18.04.8 |
| cosmic | released | 9.26~dfsg+0-0ubuntu0.18.10.8 |
| devel | released | 9.26~dfsg+0-0ubuntu7 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [9.26~dfsg+0-0ubuntu0.14.04.8]] |
| esm-infra/bionic | not-affected | 9.26~dfsg+0-0ubuntu0.18.04.8 |
| esm-infra/xenial | not-affected | 9.26~dfsg+0-0ubuntu0.16.04.8 |
| precise/esm | DNE | |
| trusty | released | 9.26~dfsg+0-0ubuntu0.14.04.8 |
| trusty/esm | DNE | trusty was released [9.26~dfsg+0-0ubuntu0.14.04.8] |
| upstream | needs-triage |
Показывать по
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
It was found that the superexec operator was available in the internal ...
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Уязвимость программы конвертирования файлов Ghostscript, связанная с небезопасным управлением привилегиями, позволяющая нарушителю повысить свои привилегии
4.3 Medium
CVSS2
5.5 Medium
CVSS3