CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

AI Score confidence: High

EPSS percentile: 80.8%

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER
sandbox bypass, via format string injection with a uniprint device.
Author | Note |
---|---|
sayun | The fix for this issue depends on SAFER infrastructure changes that were introduced after the 9.26 versions in bionic and xenial. Attempting to pull back infrastructure piecemeal runs the risk of introducing regressions; we may need to pull back the 9.50 version included in focal/20.04 LTS to bionic and xenial. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | ghostscript | < any | UNKNOWN |
ubuntu | 20.04 | noarch | ghostscript | < 9.50~dfsg-5ubuntu4.12 | UNKNOWN |
ubuntu | 22.04 | noarch | ghostscript | < 9.55.0~dfsg1-0ubuntu5.7 | UNKNOWN |
ubuntu | 23.10 | noarch | ghostscript | < 10.01.2~dfsg1-0ubuntu2.3 | UNKNOWN |
ubuntu | 24.04 | noarch | ghostscript | < 10.02.1~dfsg1-0ubuntu7.1 | UNKNOWN |
ubuntu | 16.04 | noarch | ghostscript | < any | UNKNOWN |