发布时间: 2024年9月27日
修改时间: 2024年9月27日
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | ||
| Attack Vector | ||
| CVSS评分 | N/A | N/A |
| Attack Complexity | ||
| Privileges Required | ||
| Scope | ||
| Integrity | ||
| User Interaction | ||
| Availability |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3836 | ghostscript security update | 2024年9月27日 |
| KylinSec-SA-2024-4028 | ghostscript security update | 2024年9月27日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | ghostscript | Fixed |
| KY3.5.2 | ghostscript | Fixed |
