Aladdin Enterprises : Security Vulnerabilities, CVEs,
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
Max CVSS
7.2
EPSS Score
0.05%
Published
2005-02-09
Updated
2017-10-11
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
Max CVSS
7.5
EPSS Score
0.47%
Published
2002-05-29
Updated
2008-09-05
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
Max CVSS
2.6
EPSS Score
0.04%
Published
2001-09-18
Updated
2016-10-18
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-01-09
Updated
2017-10-10
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
Max CVSS
3.7
EPSS Score
0.04%
Published
2001-01-09
Updated
2017-10-10
The ghostscript command with the -dSAFER option allows remote attackers to execute commands.
Max CVSS
7.5
EPSS Score
0.49%
Published
1995-08-31
Updated
2022-08-17
6 vulnerabilities found