Описание
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 10.03.1~dfsg1-0ubuntu3 |
| esm-infra/bionic | released | 9.26~dfsg+0-0ubuntu0.18.04.18+esm3 |
| esm-infra/focal | not-affected | 9.50~dfsg-5ubuntu4.14 |
| esm-infra/xenial | released | 9.26~dfsg+0-0ubuntu0.16.04.14+esm8 |
| focal | released | 9.50~dfsg-5ubuntu4.14 |
| jammy | released | 9.55.0~dfsg1-0ubuntu5.10 |
| noble | released | 10.02.1~dfsg1-0ubuntu7.4 |
| oracular | released | 10.03.1~dfsg1-0ubuntu2.1 |
| upstream | released | 10.04.0~dfsg-1 |
Показывать по
EPSS
7.8 High
CVSS3
Связанные уязвимости
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
An issue was discovered in base/gsdevice.c in Artifex Ghostscript befo ...
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Уязвимость компонента base/gsdevice.c набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю выполнить произвольный код
EPSS
7.8 High
CVSS3