The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-674-1 | ghostscript security update |
![]() |
DSA-3691-1 | ghostscript security update |
![]() |
EUVD-2013-5492 | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. |
![]() |
USN-3148-1 | Ghostscript vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T17:15:21.451Z
Reserved: 2013-08-30T00:00:00
Link: CVE-2013-5653

No data.

Status : Deferred
Published: 2017-03-07T15:59:00.157
Modified: 2025-04-20T01:37:25.860
Link: CVE-2013-5653


No data.