CVE-2021-3781

Published: 8 September 2021

A trivial sandbox escape flaw was found in the Ghostscript interpreter: injecting a specially crafted pipe command bypasses the sandbox enabled with the `-dSAFER` option. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the Ghostscript interpreter. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.

Notes

| Author | Note |
|---|---|
| mdeslaur | 9.50 to 9.55 are vulnerable |

Priority

High

CVSS 3 base score: 9.9

Status

| Package | Release | Status |
|---|---|---|
| ghostscript (Launchpad, Ubuntu, Debian) | bionic | Not vulnerable (9.26~dfsg+0-0ubuntu0.18.04.14) |
| | focal | Released (9.50~dfsg-5ubuntu4.3) |
| | hirsute | Released (9.53.3~dfsg-7ubuntu0.1) |
| | impish | Released (9.54.0~dfsg1-0ubuntu2) |
| | jammy | Released (9.54.0~dfsg1-0ubuntu2) |
| | trusty | Does not exist |
| | upstream | Needs triage |
| | xenial | Not vulnerable |