CVE-2021-3781 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3781 PUBLISHED CVSS 9.899999618530273 CRITICAL

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

EPSS 7.05% · 91.4th percentile

Risk Scores

CVSS v3.1

9.899999618530273

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

7.05%

91.4th percentile

Affected Products

Vendor	Product	Versions
fedoraproject	fedora	34
artifex	ghostscript	9.50, 9.52, 9.53.3
n/a	ghostscript	ghostpdl 9.55.0

Timeline

Sep 15, 2021 CVE Published
Feb 16, 2022 PoC Published
Feb 17, 2022 EPSS Score
Sep 9, 2023 EPSS Score
Oct 4, 2024 PoC Published
Mar 17, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 28, 2025 EPSS Score
May 1, 2025 EPSS Score
May 4, 2025 EPSS Score
Jun 1, 2025 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=2002271 url
https://ghostscript.com/CVE-2021-3781.html url
GLSA-202211-11 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-3781 advisory

Open in Interactive Console →