CVE-2013-5653 — Sensitive Information Exposure in Afpl Ghostscript

CWE-200 — Sensitive Information Exposure10 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 51.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Artifex Afpl Ghostscript Debian Linux

Timeline

PublishedMar 7

Latest updateMay 14

Description

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianartifex/ghostscript< 9.19~dfsg-3.1+3

▶NVDartifex/afpl_ghostscript9.10

Also affects: Debian Linux 8.0

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugs.ghostscript.com ↗

🔴Vulnerability Details

GHSA

GHSA-hh8r-vgv6-7j2f: The getenv and filenameforall functions in Ghostscript 9↗2022-05-14

▶

CVEList

CVE-2013-5653: The getenv and filenameforall functions in Ghostscript 9↗2017-03-07

▶

OSV

CVE-2013-5653: The getenv and filenameforall functions in Ghostscript 9↗2017-03-07

▶

OSV

ghostscript vulnerabilities↗2016-12-02

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2016-12-02

▶

Red Hat

ghostscript: getenv and filenameforall ignore -dSAFER↗2013-10-21

▶

Debian

CVE-2013-5653: ghostscript - The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER"...↗2013

▶

💬Community

Bugzilla

CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER [fedora-all]↗2016-11-01

▶

Bugzilla

CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER↗2016-09-29

▶