CVE-2021-3781: OS Command Injection
First published: Wed Sep 08 2021(Updated: )
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Ghostscript | =9.50 | |
| Artifex Ghostscript | =9.52 | |
| Artifex Ghostscript | =9.53.3 | |
| Artifex Ghostscript | =9.54.0 | |
| Fedoraproject Fedora | =34 | |
| redhat/ghostpdl | <9.55.0 | 9.55.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2002271
- https://ghostscript.com/CVE-2021-3781.html
- https://security.gentoo.org/glsa/202211-11
- https://bugs.ghostscript.com/show_bug.cgi?id=704342
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2003085
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2002800
- https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
Frequently Asked Questions
What is CVE-2021-3781?
CVE-2021-3781 is a vulnerability found in the ghostscript interpreter that allows a specially crafted document to execute arbitrary commands on the system.
What is the severity of CVE-2021-3781?
CVE-2021-3781 has a severity rating of 9.9 (Critical).
How does CVE-2021-3781 impact Artifex Ghostscript?
CVE-2021-3781 affects the following versions of Artifex Ghostscript: 9.50, 9.52, 9.53.3, and 9.54.0.
How can I fix CVE-2021-3781?
To fix CVE-2021-3781, it is recommended to update Artifex Ghostscript to a patched version provided by the vendor.
Where can I find more information about CVE-2021-3781?
You can find more information about CVE-2021-3781 in the references provided: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi?id=2002271), [Reference 2](https://ghostscript.com/CVE-2021-3781.html), [Reference 3](https://security.gentoo.org/glsa/202211-11).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3781
- agent/software-canonical-lookup
- vendor/artifex
- canonical/artifex ghostscript
- version/artifex ghostscript/9.50
- version/artifex ghostscript/9.52
- version/artifex ghostscript/9.53.3
- version/artifex ghostscript/9.54.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- package-manager/redhat