CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3: 9.9 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.003 Low
Percentile: 71.7%
Severity: High
Date : 2021-09-14
CVE-ID : CVE-2021-3781
Package : ghostscript
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-2374
The package ghostscript before version 9.54.0-3 is vulnerable to
arbitrary command execution.
Upgrade to 9.54.0-3.
The problem has been fixed upstream but no release is available yet.
Workaround: None.
A trivial sandbox (enabled with the -dSAFER option) escape security
issue was found in the ghostscript interpreter by injecting a specially
crafted pipe command. This flaw allows a specially crafted document to
execute arbitrary commands on the system in the context of the
ghostscript interpreter.
An attacker could execute arbitrary commands through crafted documents,
bypassing the interpreter’s sandbox.
https://bugzilla.redhat.com/show_bug.cgi?id=2002271
https://bugs.ghostscript.com/show_bug.cgi?id=704342
https://twitter.com/emil_lerner/status/1430502815181463559
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
https://security.archlinux.org/CVE-2021-3781
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | ghostscript | < 9.54.0-3 | UNKNOWN |
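
An added example (not part of the Arch advisory): triaging a package inventory against the fixed version 9.54.0-3 given above. The `host package version` line format, the host names and the numeric-only version comparison are assumptions made here; pacman's own `vercmp` remains the authoritative comparison.

```python
import re

PACKAGE = "ghostscript"
FIXED = "9.54.0-3"  # first fixed package version, taken from the advisory

# Constructed sample inventory: one "host package version" line per host,
# e.g. the output of `pacman -Q ghostscript` prefixed with a host name.
SAMPLE_INVENTORY = [
    "build01 ghostscript 9.54.0-2",
    "web02 ghostscript 9.54.0-3",
    "print03 ghostscript 9.53.3-1",
    "ci04 ghostscript 9.55.0-1",
    "db05 imagemagick 7.1.0.5-1",   # other package: ignored
    "legacy06 ghostscript",         # malformed line: ignored
]

def parse_version(version):
    """Split [epoch:]pkgver[-pkgrel] into a comparable tuple.

    Simplified (assumption): only numeric components are compared, which
    is enough for ghostscript's versions but is not a full vercmp.
    """
    epoch, _, rest = version.rpartition(":")
    pkgver, _, pkgrel = rest.partition("-")
    nums = lambda s: tuple(int(n) for n in re.findall(r"\d+", s))
    return (int(epoch or 0), nums(pkgver), nums(pkgrel))

def is_vulnerable(installed, fixed=FIXED):
    """True when the installed version sorts before the fixed version."""
    return parse_version(installed) < parse_version(fixed)

def triage(lines):
    """Map each host that reports the package to 'VULNERABLE' or 'fixed'."""
    findings = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[1] != PACKAGE:
            continue
        host, _, version = parts
        findings[host] = "VULNERABLE" if is_vulnerable(version) else "fixed"
    return findings

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Because the advisory lists no workaround, hosts reported as VULNERABLE need the package upgrade itself; running with -dSAFER does not contain this flaw.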