Veracode Vulnerability DatabaseVERACODE:41413Improper Input Validation
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.1%
ghostscript is vulnerable to Improper Input Validation. This vulnerability occurs due to a flaw in the way that Ghostscript handles pipe devices. An attacker can exploit this vulnerability to gain unauthorized access to files on the victim’s system.
References
bugs.ghostscript.com/show_bug.cgi?id=706761
git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d
git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c
git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d
git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/
lists.fedoraproject.org/archives/list/[email protected]/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/
lists.fedoraproject.org/archives/list/[email protected]/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
security.gentoo.org/glsa/202309-03
www.debian.org/security/2023/dsa-5446
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.1%