Name | CVE-2021-3781 |
Description | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-4972-1 |
Debian Bugs | 994011 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
ghostscript (PTS) | bullseye | 9.53.3~dfsg-7+deb11u7 | fixed |
ghostscript | bullseye (security) | 9.53.3~dfsg-7+deb11u8 | fixed |
ghostscript | bookworm | 10.0.0~dfsg-11+deb12u5 | fixed |
ghostscript | bookworm (security) | 10.0.0~dfsg-11+deb12u6 | fixed |
ghostscript | sid, trixie | 10.04.0~dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
ghostscript | source | stretch | (not affected) | | | |
ghostscript | source | buster | (not affected) | | | |
ghostscript | source | bullseye | 9.53.3~dfsg-7+deb11u1 | | DSA-4972-1 | |
ghostscript | source | (unstable) | 9.53.3~dfsg-8 | | | 994011 |
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
[stretch] - ghostscript <not-affected> (Vulnerable code introduced later)
https://twitter.com/ducnt_/status/1434534373416574983
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
https://bugs.ghostscript.com/show_bug.cgi?id=704342
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20