CVE-2021-3781

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ghostscript (affected versions not specified)

Description A trivial sandbox escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. The vulnerability can be exploited by injecting a specially crafted pipe command, allowing a remote attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-20

Related Identifiers

ALT-PU-2021-2772

ALT-PU-2021-2808

ALT-PU-2023-1620

ALT-PU-2023-1968

ALT-PU-2024-7762

BDU:2024-05832

CVE-2021-3781

DSA-4972-1

MGASA-2021-0436

OESA-2022-1560

OPENSUSE-SU-2021:1273-1

OPENSUSE-SU-2021:3044-1

OPENSUSE-SU-2021_1273-1

OPENSUSE-SU-2021_3044-1

OPENSUSE-SU-2024:10783-1

SUSE-SU-2021:3044-1

SUSE-SU-2021:3180-1

SUSE-SU-2021_3044-1

SUSE-SU-2021_3180-1

USN-5075-1

Affected Products

Alt Linux

Ghostscript

Linuxmint

Red Os

Suse

Ubuntu

CVE-2021-3781

Weakness Enumeration

Related Identifiers

Affected Products

References · 88