CVE-2021-3781

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection7 documents7 sources

Severity

9.9CRITICAL

EPSS

7.9%

top 7.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Fedoraproject Fedora

Timeline

PublishedFeb 16

Latest updateFeb 17

Description

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages3 packages

▶Debianghostscript< 9.53.3~dfsg-7+deb11u1+3

▶CVEListV5ghostscriptghostpdl 9.55.0

▶NVDartifex/ghostscript4 versions+3

Also affects: Fedora 34

Patches

Patch: bugzilla.redhat.com ↗Patch: ghostscript.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-gf7q-r6ff-xwg6: A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe comma↗2022-02-17

▶

OSV

CVE-2021-3781: A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe comma↗2022-02-16

▶

CVEList

CVE-2021-3781: A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe comma↗2022-02-16

▶

📋Vendor Advisories

Red Hat

ghostscript: sandbox escape using '%pipe%'↗2021-09-10

▶

Ubuntu

Ghostscript vulnerability↗2021-09-10

▶

Debian

CVE-2021-3781: ghostscript - A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in t...↗2021

▶