Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2013-5653

Published: 31 December 2013

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
precise
Released (9.05~dfsg-0ubuntu4.4)
trusty Does not exist
(trusty was released [9.10~dfsg-0ubuntu10.5])
upstream Needs triage

xenial
Released (9.18~dfsg~0-0ubuntu2.2)
yakkety
Released (9.19~dfsg+1-0ubuntu6.2)