---

CVE-2021-3781 - log back

CVE-2021-3781 edited at 14 Sep 2021 08:51:18

Description

- A trivial sandbox (enabled with the `-dSAFER` option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. + A trivial sandbox (enabled with the -dSAFER option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter.

CVE-2021-3781 edited at 10 Sep 2021 15:33:48
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary command execution
Description	+ A trivial sandbox (enabled with the `-dSAFER` option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=2002271 + https://bugs.ghostscript.com/show_bug.cgi?id=704342 + https://twitter.com/emil_lerner/status/1430502815181463559 + https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 + https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
Notes

CVE-2021-3781 created at 10 Sep 2021 15:30:57