Posted March 6

Red Hat: CVE-2024-33869: ghostscript: path traversal and command execution due to path reduction (Multiple Advisories)

Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 09/11/2024
Added: 09/10/2024
Modified: 09/13/2024

Description

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

Solution(s)

redhat-upgrade-ghostscript
redhat-upgrade-ghostscript-debuginfo
redhat-upgrade-ghostscript-debugsource
redhat-upgrade-ghostscript-doc
redhat-upgrade-ghostscript-gtk-debuginfo
redhat-upgrade-ghostscript-tools-dvipdf
redhat-upgrade-ghostscript-tools-fonts
redhat-upgrade-ghostscript-tools-printing
redhat-upgrade-ghostscript-x11
redhat-upgrade-ghostscript-x11-debuginfo
redhat-upgrade-libgs
redhat-upgrade-libgs-debuginfo
redhat-upgrade-libgs-devel

References

CVE-2024-33869
RHSA-2024:6197
RHSA-2024:6466