PT-2022-5146 · Moodle+3
Nick Wojciechowski · Published 2020-11-08 · Updated 2024-03-06
CVE-2022-35649
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Moodle (affected versions not specified)
Ghostscript versions prior to 9.50
Description
The issue is caused by improper input validation when PostScript code is parsed, which creates a remote code execution risk. An omitted execution parameter makes the issue exploitable. Successful exploitation enables a remote attacker to execute arbitrary code and may lead to the complete compromise of the vulnerable system.
Recommendations
For Moodle, update Ghostscript to version 9.50 or later to resolve the issue.
As a temporary workaround, consider disabling the parsing of PostScript code until a patch is available.
Restrict access to the PostScript parsing functionality to minimize the risk of exploitation.
Fix
RCE
Code Injection
Related Identifiers
Affected Products
Alt Linux
Ghostscript
Moodle
Red Os