CVE-2021-3781

Vulnerability Summary

It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" I/O devices, which could result in the execution of arbitrary code if a malformed PostScript file is processed (despite the -dSAFER sandbox being enabled). For the stable distribution (bullseye), this problem has been fixed in version 9.53.3~dfsg-7+deb11u1. We recommend that you upgrade your ghostscript packages. For the detailed security status of ghostscript, please refer to its security tracker page at: security-tracker.debian.org/tracker/ghostscript


Vendor Advisories

Debian Bug report logs - #994011 ghostscript: CVE-2021-3781. Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 9 Sep 2021 17:21:04 UTC; Severity: grave; Tags: security, upstream; Found in ...
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" io devices, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). For the stable distribution (bullseye), this ...
Arch Linux Security Advisory ASA-202109-3. Severity: High; Date: 2021-09-14; CVE-ID: CVE-2021-3781; Package: ghostscript; Type: arbitrary command execution; Remote: Yes; Link: security.archlinux.org/AVG-2374. Summary: The package ghostscript before version 9.54.0-3 is vulnerable t ...
A trivial sandbox (enabled with the `-dSAFER` option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter ...

Mailing Lists

On 9/6/21 11:35 AM, Solar Designer wrote: No worries - I figured it was that time of year, and this isn't something that has to be resolved immediately. Thanks. Okay - a more typical application form follows. That seems like something we could help with. I also note that there are many vulnerabilities we discover in the FOSS packages we ...

Github Repositories

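Support page for 『[改訂第8版]LaTeX2e美文書作成入門』 ("[Revised 8th Edition] Introduction to Creating Beautiful Documents with LaTeX2e"). Released on November 14, 2020. If installation on Windows fails with an error, see "If installation fails with an error on Windows" in the supplementary information on the 技術評論社 (Gijutsu-Hyoron) support page. Errata. Links: 技術評論社 (print edition), 技術評論社 (PD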