Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
[
  {
    "cpes": [
      "cpe:2.3:a:artifex:afpl_ghostscript:*:*:*:*:*:*:*:*"
    ],
    "vendor": "artifex",
    "product": "afpl_ghostscript",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "10.03.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]