CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.1%
Cedric Buissart (Red Hat) reports:
A flaw was found in, ghostscript versions prior to 9.50, in the
.pdf_hook_DSC_Creator procedure where it did not properly secure
its privileged calls, enabling scripts to bypass -dSAFER
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in all ghostscript versions 9.x before 9.50, in
the .setuserparams2 procedure where it did not properly secure its
privileged calls, enabling scripts to bypass -dSAFER
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in ghostscript, versions 9.x before 9.50, in the
setsystemparams procedure where it did not properly secure its
privileged calls, enabling scripts to bypass -dSAFER
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.50, in the
.pdfexectoken and other procedures where it did not properly secure
its privileged calls, enabling scripts to bypass -dSAFER
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | ghostscript9-agpl-base | < 9.50 | UNKNOWN |
FreeBSD | any | noarch | ghostscript9-agpl-x11 | < 9.50 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.1%