An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
Metrics
Affected Vendors & Products
References
History
Mon, 09 Sep 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Eus
|
|
CPEs | cpe:/a:redhat:rhel_eus:9.2 | |
Vendors & Products |
Redhat rhel Eus
|
Fri, 06 Sep 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 | |
Vendors & Products |
Redhat
Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-03T00:00:00
Updated: 2024-08-19T20:28:08.589Z
Reserved: 2024-04-27T00:00:00
Link: CVE-2024-33869
Vulnrichment
Updated: 2024-08-02T02:42:59.952Z
NVD
Status : Awaiting Analysis
Published: 2024-07-03T19:15:03.767
Modified: 2024-07-05T12:55:51.367
Link: CVE-2024-33869
Redhat