Posted March 6

Red Hat: CVE-2024-33870: ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths (Multiple Advisories)

Severity: 6
CVSS: (AV:L/AC:L/Au:N/C:C/I:N/A:P)
Published: 07/03/2024
Created: 09/11/2024
Added: 09/10/2024
Modified: 09/13/2024

Description

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

Solution(s)

redhat-upgrade-ghostscript
redhat-upgrade-ghostscript-debuginfo
redhat-upgrade-ghostscript-debugsource
redhat-upgrade-ghostscript-doc
redhat-upgrade-ghostscript-gtk-debuginfo
redhat-upgrade-ghostscript-tools-dvipdf
redhat-upgrade-ghostscript-tools-fonts
redhat-upgrade-ghostscript-tools-printing
redhat-upgrade-ghostscript-x11
redhat-upgrade-ghostscript-x11-debuginfo
redhat-upgrade-libgs
redhat-upgrade-libgs-debuginfo
redhat-upgrade-libgs-devel

References

CVE-2024-33870
RHSA-2024:6197
RHSA-2024:6466
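
The ../../foo to ./../../foo case from the description, as an added example (not Ghostscript's code and not part of the advisory): a simplified check that treats the permitted entry ./ as a string prefix, next to a check that walks the path components and rejects anything climbing above the current directory. The function names and sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a prefix-style permission check (hypothetical helper,
 * not Ghostscript code): allowed if the path starts with the entry. */
static int permitted_by_prefix(const char *path, const char *entry)
{
    return strncmp(path, entry, strlen(entry)) == 0;
}

/* Hardened variant for the entry "./": walk the components and track the
 * depth below the current directory; any step above it is rejected. */
static int stays_under_cwd(const char *path)
{
    int depth = 0;
    const char *p = path;

    if (*p == '/')                         /* absolute: never under "./" */
        return 0;
    while (*p) {
        size_t len = strcspn(p, "/");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 0;                  /* climbed out of the cwd */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                       /* ordinary name: one level down */
        }
        p += len;
        while (*p == '/')                  /* skip separator(s) */
            p++;
    }
    return 1;
}

/* Constructed samples: the transformed path from the description, and a
 * benign path that really is below the current directory. */
static const char *SAMPLE_TRAVERSAL = "./../../foo";
static const char *SAMPLE_BENIGN = "./out/page1.png";

int main(void)
{
    printf("prefix    %s -> %d\n", SAMPLE_TRAVERSAL, permitted_by_prefix(SAMPLE_TRAVERSAL, "./"));
    printf("component %s -> %d\n", SAMPLE_TRAVERSAL, stays_under_cwd(SAMPLE_TRAVERSAL));
    printf("component %s -> %d\n", SAMPLE_BENIGN, stays_under_cwd(SAMPLE_BENIGN));
    return 0;
}
```

The component walk is purely lexical, so it does not account for symbolic links inside the permitted directory; resolving the real path before comparing covers that case.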