What is CVE-2021-3781?

CVE-2021-3781 is a vulnerability in Ghostscript, classified under Improper Input Validation. Published 2022-02-16.

Is CVE-2021-3781 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Ghostscript

CVE-2021-3781

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the sy…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.839 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a Ghostscript — versions ghostpdl 9.55.0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

ARPSyndicate/cvemon
okumuralab/bibun8

References

bugzilla.redhat.com/show_bug.cgi
ghostscript.com/CVE-2021-3781.html
GLSA-202211-11 (vendor-advisory)

Frequently asked questions

What is CVE-2021-3781?: CVE-2021-3781 is a vulnerability in Ghostscript, classified under Improper Input Validation. Published 2022-02-16.
Is CVE-2021-3781 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.