CVE-2013-5653
Advisory lineage Upstream: 0 Downstream: 11
Modified
Published: 07 Mar 2017, 15:00
Last modified:06 Aug 2024, 17:15
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
v3.0 (nvd)
EPSS Score
0.22% LOW
0% probability -0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
07 Mar 2017, 15:00
Published
Vulnerability first disclosed
06 Aug 2024, 17:15
Last Modified
Vulnerability information updated
Description
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
CVSS Metrics
- v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.22%• Percentile: 45%
Techniques & Countermeasures
- CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- artifex•afpl_ghostscript
9.10
- debian•debian_linux
8.0
References (9)
- http://www.debian.org/security/2016/dsa-3691
- http://rhn.redhat.com/errata/RHSA-2017-0013.html
- http://rhn.redhat.com/errata/RHSA-2017-0014.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1380327
- https://bugs.ghostscript.com/show_bug.cgi?id=697169
- http://www.openwall.com/lists/oss-security/2016/09/29/28
- http://www.securityfocus.com/bid/96497
- http://www.openwall.com/lists/oss-security/2016/09/29/5
- https://bugs.ghostscript.com/show_bug.cgi?id=694724