← Retour aux CVEs

CVE-2021-3781

CRITICAL

9.9

Description

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Details CVE

Score CVSS v3.19.9

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie2/16/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

artifex:ghostscriptfedoraproject:fedora

Faiblesses (CWE)

CWE-20CWE-78

References

https://bugzilla.redhat.com/show_bug.cgi?id=2002271(secalert@redhat.com)

https://ghostscript.com/CVE-2021-3781.html(secalert@redhat.com)

https://security.gentoo.org/glsa/202211-11(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=2002271(af854a3a-2127-422b-91ae-364da2661108)

https://ghostscript.com/CVE-2021-3781.html(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/202211-11(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.