CVE-2013-5653

low-risk
Published 2017-03-07

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

Do I need to act?

-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Afpl Ghostscript

Affected Vendors

Artifex Debian

References (18)

http://rhn.redhat.com/errata/RHSA-2017-0013.html
http://rhn.redhat.com/errata/RHSA-2017-0014.html
Third Party Advisory http://www.debian.org/security/2016/dsa-3691
Mailing List http://www.openwall.com/lists/oss-security/2016/09/29/28
Mailing List http://www.openwall.com/lists/oss-security/2016/09/29/5
http://www.securityfocus.com/bid/96497
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=694724
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=697169
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1380327
http://rhn.redhat.com/errata/RHSA-2017-0013.html
http://rhn.redhat.com/errata/RHSA-2017-0014.html
Third Party Advisory http://www.debian.org/security/2016/dsa-3691
Mailing List http://www.openwall.com/lists/oss-security/2016/09/29/28
Mailing List http://www.openwall.com/lists/oss-security/2016/09/29/5
http://www.securityfocus.com/bid/96497
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=694724
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=697169
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1380327
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low