The ghostscript command with the -dSAFER option allows remote attackers to execute commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| aladdin_enterprises | ghostscript | 2.6 |
| aladdin_enterprises | ghostscript | 3.22 |
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| aladdin_enterprises | ghostscript | 5.50 |
| aladdin_enterprises | ghostscript | 5.10.15 |
| aladdin_enterprises | ghostscript | 5.10.10 |
| aladdin_enterprises | ghostscript | 4.3 |
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| aladdin_enterprises | ghostscript | 5.50 |
| aladdin_enterprises | ghostscript | 5.10.15 |
| aladdin_enterprises | ghostscript | 5.10.10 |
| aladdin_enterprises | ghostscript | 5.10cl |
| aladdin_enterprises | ghostscript | 4.3 |
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| aladdin_enterprises | ghostscript | * |
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| aladdin_enterprises | ghostscript | * |
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| aladdin_enterprises | ghostscript | 7.0.5 |
| aladdin_enterprises | ghostscript | 5.50.8 |
| aladdin_enterprises | ghostscript | 5.50.8_7 |
| aladdin_enterprises | ghostscript | 5.10.10_1 |
| aladdin_enterprises | ghostscript | 5.10.10 |
| aladdin_enterprises | ghostscript | 5.10cl |
| aladdin_enterprises | ghostscript | 6.53 |
| aladdin_enterprises | ghostscript | 5.10.12cl |
| aladdin_enterprises | ghostscript | 7.0.7 |
| aladdin_enterprises | ghostscript | 5.10.16 |
| aladdin_enterprises | ghostscript | 5.50 |
| aladdin_enterprises | ghostscript | 6.52 |
| aladdin_enterprises | ghostscript | 7.0.4 |
| aladdin_enterprises | ghostscript | 5.10.15 |
| aladdin_enterprises | ghostscript | 6.51 |
| aladdin_enterprises | ghostscript | 4.3 |
| aladdin_enterprises | ghostscript | 4.3.2 |
| aladdin_enterprises | ghostscript | 7.0.6 |