7.2
CVE-2004-0967
- EPSS 0.03%
- Veröffentlicht 09.02.2005 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aladdin Enterprises ≫ Ghostscript Version4.3
Aladdin Enterprises ≫ Ghostscript Version4.3.2
Aladdin Enterprises ≫ Ghostscript Version5.10.10
Aladdin Enterprises ≫ Ghostscript Version5.10.10 Editionmdk
Aladdin Enterprises ≫ Ghostscript Version5.10.10_1
Aladdin Enterprises ≫ Ghostscript Version5.10.10_1 Editionmdk
Aladdin Enterprises ≫ Ghostscript Version5.10.12cl
Aladdin Enterprises ≫ Ghostscript Version5.10.15
Aladdin Enterprises ≫ Ghostscript Version5.10.16
Aladdin Enterprises ≫ Ghostscript Version5.10cl
Aladdin Enterprises ≫ Ghostscript Version5.50
Aladdin Enterprises ≫ Ghostscript Version5.50.8
Aladdin Enterprises ≫ Ghostscript Version5.50.8_7
Aladdin Enterprises ≫ Ghostscript Version6.51
Aladdin Enterprises ≫ Ghostscript Version6.52
Aladdin Enterprises ≫ Ghostscript Version6.53
Aladdin Enterprises ≫ Ghostscript Version7.0.4
Aladdin Enterprises ≫ Ghostscript Version7.0.5
Aladdin Enterprises ≫ Ghostscript Version7.0.6
Aladdin Enterprises ≫ Ghostscript Version7.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.058 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.