CVE-2021-3781

Published: 16/02/2022 Updated: 26/06/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerable Product

artifex ghostscript 9.52

artifex ghostscript 9.50

artifex ghostscript 9.53.3

artifex ghostscript 9.54.0

fedoraproject fedora 34

Vendor Advisories

Debian Bug report logs - #994011 ghostscript: CVE-2021-3781. Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 9 Sep 2021 17:21:04 UTC; Severity: grave; Tags: security, upstream; Found in ...
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" io devices, which could result in the execution of arbitrary code if a malformed PostScript file is processed (despite the -dSAFER sandbox being enabled). For the stable distribution (bullseye), this ...
A trivial sandbox (enabled with the `-dSAFER` option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter ...

Mailing Lists

oss-sec mailing list archives: Re: Oracle Solaris membership in the distros list. From: Solar Designer ...
oss-sec mailing list archives: Re: Oracle Solaris membership in the distros list. From: Alan Coopersmit ...

Github Repositories

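Support page for "[Revised 8th Edition] LaTeX2e Bibunsho Sakusei Nyumon" (Introduction to Creating Beautiful Documents with LaTeX2e). On sale 14 November 2020. If installation on Windows fails with an error, see "If installation fails with an error on Windows" under the supplementary information on the Gijutsu-Hyoron support page. Errata. Links: Gijutsu-Hyoron (print edition), Gijutsu-Hyoron (PD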