CVE-2023-36664

Severity

98%

Complexity

39%

Confidentiality

98%

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 3.1 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Overview

First reported 1 year ago

2023-06-25 22:15:00

Last updated 1 year ago

2023-11-07 04:16:00

Affected Software

Artifex Ghostscript

References

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d

https://bugs.ghostscript.com/show_bug.cgi?id=706761

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c

DSA-5446

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d

Mailing List, Patch

https://bugs.ghostscript.com/show_bug.cgi?id=706761

Issue Tracking, Permissions Required

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c

Mailing List, Patch

DSA-5446

Third Party Advisory

FEDORA-2023-d8a1c3e5e2

FEDORA-2023-83c805b441

FEDORA-2023-d8a1c3e5e2

Mailing List

FEDORA-2023-83c805b441

Mailing List

GLSA-202309-03

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d

FEDORA-2023-d8a1c3e5e2

FEDORA-2023-83c805b441

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.