Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-33869

Опубликовано: 03 июл. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5.3

Описание

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

РелизСтатусПримечание
devel

released

10.02.1~dfsg1-0ubuntu9
esm-infra/bionic

needs-triage

esm-infra/focal

not-affected

9.50~dfsg-5ubuntu4.12
esm-infra/xenial

needs-triage

focal

released

9.50~dfsg-5ubuntu4.12
jammy

released

9.55.0~dfsg1-0ubuntu5.7
mantic

released

10.01.2~dfsg1-0ubuntu2.3
noble

released

10.02.1~dfsg1-0ubuntu7.1
oracular

released

10.02.1~dfsg1-0ubuntu9
plucky

released

10.02.1~dfsg1-0ubuntu9

Показывать по

Ссылки на источники

EPSS

Процентиль: 6%
0.00028
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-33869

CVSS3: 5.3
redhat
около 1 года назад

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

nvd логотип

CVE-2024-33869

CVSS3: 5.3
nvd
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

debian логотип

CVE-2024-33869

CVSS3: 5.3
debian
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. Path tr ...

github логотип

GHSA-v6hc-9c6c-f599

CVSS3: 5.3
github
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

fstec логотип

BDU:2024-07480

CVSS3: 8.8
fstec
12 месяцев назад

Уязвимость файла base/gpmisc.c набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с неправильной проверкой входных данных, позволяющая нарушителю выполнить произвольный код в системе

EPSS

Процентиль: 6%
0.00028
Низкий

5.3 Medium

CVSS3