Main Vulnerability Database Vulnerabilities #VU56385

Code Injection in Ghostscript - CVE-2021-3781

Published: September 7, 2021 / Updated: September 27, 2021

Vulnerability identifier: #VU56385

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2021-3781

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Artifex Software, Inc.

Affected software:
Ghostscript

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can create a specially crafted SVG file, upload it to the affected system and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2021-3781

Install update from vendor's website.

Sources

https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
https://bugs.ghostscript.com/show_bug.cgi?id=704342
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde

Code Injection in Ghostscript - CVE-2021-3781

Detailed vulnerability description

How to mitigate CVE-2021-3781

Sources

Please verify you're human