Description
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
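A simplified model of the transformation described above, as an added example that is not Ghostscript's code: it contrasts a string-prefix permission check with one that normalizes paths before comparing. The function names, the `/srv/render` working directory and the sample paths are constructed for illustration.

```python
import posixpath

# Constructed allow-list: only the current directory is permitted.
PERMITTED = ["./"]

def naive_is_permitted(path, permitted=PERMITTED):
    """Flawed check: prefix relative paths with "./", then compare strings."""
    if not path.startswith(("/", "./")):
        path = "./" + path  # ../../foo becomes ./../../foo
    # The ".." components are still present, but the string now starts with "./".
    return any(path.startswith(p) for p in permitted)

def hardened_is_permitted(path, cwd="/srv/render", permitted=PERMITTED):
    """Resolve both sides to absolute, normalized paths before comparing.

    cwd is an assumed working directory. normpath collapses "." and ".."
    lexically; it does not resolve symlinks, which a real check must also handle.
    """
    target = posixpath.normpath(posixpath.join(cwd, path))
    for entry in permitted:
        base = posixpath.normpath(posixpath.join(cwd, entry))
        # Compare on a directory boundary so /srv/render-x does not match /srv/render.
        if target == base or target.startswith(base.rstrip("/") + "/"):
            return True
    return False

def compare(paths):
    """Return {path: (naive_result, hardened_result)} for each sample path."""
    return {p: (naive_is_permitted(p), hardened_is_permitted(p)) for p in paths}

# Constructed sample paths.
SAMPLES = ["out/page.png", "../../foo", "./../../foo", "../render-secrets/key"]

if __name__ == "__main__":
    for path, (naive, hardened) in compare(SAMPLES).items():
        print(f"{path!r}: naive={naive} hardened={hardened}")
```

Paths where the two checks disagree are the ones that escape the permitted directory.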
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4
Attack Vector: Adjacent
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Affected Packages
2 packages
Vulnerability Details (3)
OSV: CVE-2024-33870: An issue was discovered in Artifex Ghostscript before 10 (2024-07-03)
GHSA: GHSA-3xr3-vrm2-6jc7: An issue was discovered in Artifex Ghostscript before 10 (2024-07-03)
CVEList: CVE-2024-33870: An issue was discovered in Artifex Ghostscript before 10 (2024-07-03)
Vendor Advisories (3)
Ubuntu: Ghostscript vulnerabilities (2024-06-17)
Red Hat: ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths (2024-05-16)
Debian: CVE-2024-33870: ghostscript - An issue was discovered in Artifex Ghostscript before 10.03.1. There is path tra... (2024)