CVE-2013-5653
published 2017-03-07CVE-2013-5653: The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript…
medium5.5CVSS 3.0
AVLACLPRNUIRSUCHINAN
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | afpl_ghostscript | — | — |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.19~dfsg-3.1 | 9.19~dfsg-3.1 |
| artifex | ghostscript | >= 0 < 9.10~dfsg-0ubuntu10.5 | 9.10~dfsg-0ubuntu10.5 |
| artifex | ghostscript | >= 0 < 9.18~dfsg~0-0ubuntu2.2 | 9.18~dfsg~0-0ubuntu2.2 |
| debian | debian_linux | — | — |
| debian | ghostscript | < ghostscript 9.19~dfsg-3.1 (bookworm) | ghostscript 9.19~dfsg-3.1 (bookworm) |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
osv5.5MEDIUM