|Description||A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|ghostscript (PTS)||buster, buster (security)||9.27~dfsg-2+deb10u5||fixed|
|bullseye (security), bullseye||9.53.3~dfsg-7+deb11u2||fixed|
The information below is based on the following data on fixed versions.
For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
which changed the access to file permissions.