CVE-2022-35649

high-risk
Published 2022-07-25

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Do I need to act?

~
7.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 84d3ae1b081ba764a54baf40ed063b96764c81c4, b8fd606243238b9624b12c0fba6c39f74b0c0869, d069cb93378d39ee00ce5f30cc520aaee4ae496c
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Moodle Fedoraproject

References (10)

Patch http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2106273
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Vendor Advisory https://moodle.org/mod/forum/discuss.php?d=436456
Patch http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2106273
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Vendor Advisory https://moodle.org/mod/forum/discuss.php?d=436456
51
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 9/34 · Low