An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 9 | RedHat | ghostscript-0:9.54.0-17.el9_4 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | ghostscript-0:9.54.0-12.el9_2.2 | * |
Ghostscript | Ubuntu | devel | * |
Ghostscript | Ubuntu | focal | * |
Ghostscript | Ubuntu | jammy | * |
Ghostscript | Ubuntu | mantic | * |
Ghostscript | Ubuntu | noble | * |
Ghostscript | Ubuntu | oracular | * |
Ghostscript | Ubuntu | upstream | * |
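
For pre-filtering output filenames before they reach an unpatched Ghostscript, the following added example (not code from Ghostscript or from this advisory) flags names such as `aa/../%pipe%command#` that only begin with `%pipe%` after path reduction. The `reduce_path` model, the function names and the sample list are assumptions made for illustration; the reduction is a generic lexical one, not the logic in base/gpmisc.c.

```python
PIPE_DEVICE = "%pipe%"

def reduce_path(name):
    """Lexically collapse '.' and '..' components.

    Assumption: a generic model of path reduction, not the code in
    base/gpmisc.c.
    """
    absolute = name.startswith("/")
    parts = []
    for comp in name.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts and parts[-1] != "..":
                parts.pop()            # "aa/.." cancels out
            elif not absolute:
                parts.append("..")     # keep leading ".." of relative paths
        else:
            parts.append(comp)
    return ("/" if absolute else "") + "/".join(parts)

def classify_output_name(name):
    """Return 'pipe', 'hidden-pipe' or 'file' for an output filename."""
    if name.startswith(PIPE_DEVICE):
        return "pipe"          # explicit request, visible to a prefix check
    if reduce_path(name).startswith(PIPE_DEVICE):
        return "hidden-pipe"   # becomes a pipe request only after reduction
    return "file"

def audit(names):
    """Names a prefix-only check would pass but that reduce to %pipe%."""
    return [n for n in names if classify_output_name(n) == "hidden-pipe"]

# Constructed sample values; "command" is the placeholder from the advisory.
SAMPLES = [
    "aa/../%pipe%command#",
    "%pipe%command",
    "/tmp/out-%d.png",
    "reports/../out.pdf",
    "x/y/../../%pipe%command",
    "out/%pipe%command",
]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{classify_output_name(n):12} {n}")
```

Rejecting every name classified as `hidden-pipe` is a stopgap for hosts that cannot yet move to 10.03.1 or a fixed distribution package.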