CVE-2021-3781

EUVD-2021-27045
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
artifexghostscript
9.50
artifexghostscript
9.52
artifexghostscript
9.53.3
artifexghostscript
9.54.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bookworm
10.0.0~dfsg-11+deb12u4
fixed
bookworm (security)
10.0.0~dfsg-11+deb12u5
fixed
bullseye
9.53.3~dfsg-7+deb11u7
fixed
bullseye (security)
9.53.3~dfsg-7+deb11u8
fixed
buster
not-affected
sid
10.04.0~dfsg-1
fixed
stretch
not-affected
trixie
10.04.0~dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
bionic
not-affected
focal
Fixed 9.50~dfsg-5ubuntu4.3
released
hirsute
Fixed 9.53.3~dfsg-7ubuntu0.1
released
impish
Fixed 9.54.0~dfsg1-0ubuntu2
released
jammy
Fixed 9.54.0~dfsg1-0ubuntu2
released
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2002271
https://ghostscript.com/CVE-2021-3781.html
https://security.gentoo.org/glsa/202211-11
https://bugzilla.redhat.com/show_bug.cgi?id=2002271
https://ghostscript.com/CVE-2021-3781.html
https://security.gentoo.org/glsa/202211-11