An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "9.50~dfsg-5ubuntu4.12", "binary_name": "ghostscript" }, { "binary_version": "9.50~dfsg-5ubuntu4.12", "binary_name": "ghostscript-dbg" }, { "binary_version": "9.50~dfsg-5ubuntu4.12", "binary_name": "ghostscript-doc" }, { "binary_version": "9.50~dfsg-5ubuntu4.12", "binary_name": "ghostscript-x" }, { "binary_version": "9.50~dfsg-5ubuntu4.12", "binary_name": "libgs-dev" }, { "binary_version": "9.50~dfsg-5ubuntu4.12", "binary_name": "libgs9" }, { "binary_version": "9.50~dfsg-5ubuntu4.12", "binary_name": "libgs9-common" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "ghostscript" }, { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "ghostscript-dbgsym" }, { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "ghostscript-doc" }, { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "ghostscript-x" }, { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "ghostscript-x-dbgsym" }, { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "libgs-dev" }, { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "libgs9" }, { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "libgs9-common" }, { "binary_version": "9.55.0~dfsg1-0ubuntu5.7", "binary_name": "libgs9-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "10.02.1~dfsg1-0ubuntu9", "binary_name": "ghostscript" }, { "binary_version": "10.02.1~dfsg1-0ubuntu9", "binary_name": "ghostscript-dbgsym" }, { "binary_version": "10.02.1~dfsg1-0ubuntu9", "binary_name": "ghostscript-doc" }, { "binary_version": "10.02.1~dfsg1-0ubuntu9", "binary_name": "libgs-common" }, { "binary_version": "10.02.1~dfsg1-0ubuntu9", "binary_name": "libgs-dev" }, { "binary_version": "10.02.1~dfsg1-0ubuntu9", "binary_name": "libgs10" }, { "binary_version": "10.02.1~dfsg1-0ubuntu9", "binary_name": "libgs10-common" }, { "binary_version": "10.02.1~dfsg1-0ubuntu9", "binary_name": "libgs10-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "10.02.1~dfsg1-0ubuntu7.1", "binary_name": "ghostscript" }, { "binary_version": "10.02.1~dfsg1-0ubuntu7.1", "binary_name": "ghostscript-dbgsym" }, { "binary_version": "10.02.1~dfsg1-0ubuntu7.1", "binary_name": "ghostscript-doc" }, { "binary_version": "10.02.1~dfsg1-0ubuntu7.1", "binary_name": "libgs-common" }, { "binary_version": "10.02.1~dfsg1-0ubuntu7.1", "binary_name": "libgs-dev" }, { "binary_version": "10.02.1~dfsg1-0ubuntu7.1", "binary_name": "libgs10" }, { "binary_version": "10.02.1~dfsg1-0ubuntu7.1", "binary_name": "libgs10-common" }, { "binary_version": "10.02.1~dfsg1-0ubuntu7.1", "binary_name": "libgs10-dbgsym" } ] }