发布时间: 2022年3月7日
修改时间: 2024年10月31日
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Network | Network |
| CVSS评分 | 9.9 | 9.9 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Changed | Changed |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1068 | ghostscript security update | 2022年3月7日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | ghostscript | Fixed |
| KY3.4-5 | ghostscript | Fixed |
