Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: September 3, 2019
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Related Resources (5)
Weakness Type (CWE)
Upgrade to version ghostscript 9.28
|Attack Vector (AV):||LOCAL|
|Attack Complexity (AC):||LOW|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||REQUIRED|
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||MEDIUM|