CVE-2021-3781 — CRITICAL (9.9)

Vulnerability Description

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS Score

9.9

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Artifex	Ghostscript	9.50
Fedoraproject	Fedora	34

Related Weaknesses (CWE)

CWE-20 CWE-78

References

https://bugzilla.redhat.com/show_bug.cgi?id=2002271Issue TrackingPatchThird Party Advisory
https://ghostscript.com/CVE-2021-3781.htmlPatchVendor Advisory
https://security.gentoo.org/glsa/202211-11Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2002271Issue TrackingPatchThird Party Advisory
https://ghostscript.com/CVE-2021-3781.htmlPatchVendor Advisory
https://security.gentoo.org/glsa/202211-11Third Party Advisory

FAQ

What is CVE-2021-3781?

CVE-2021-3781 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document ...

How severe is CVE-2021-3781?

CVE-2021-3781 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-3781?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Fedoraproject Fedora.