← Back to CVEs

CVE-2021-3781

CRITICAL

9.9

Description

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE Details

CVSS v3.1 Score9.9

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published2/16/2022

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

artifex:ghostscriptfedoraproject:fedora

Weaknesses (CWE)

CWE-20CWE-78

References

https://bugzilla.redhat.com/show_bug.cgi?id=2002271(secalert@redhat.com)

https://ghostscript.com/CVE-2021-3781.html(secalert@redhat.com)

https://security.gentoo.org/glsa/202211-11(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=2002271(af854a3a-2127-422b-91ae-364da2661108)

https://ghostscript.com/CVE-2021-3781.html(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/202211-11(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.