cvedb.io
CVE-2021-3781
CRITICAL · CVSS 9.9
EPSS exploitation probability: 0%
Published 2022-02-16T19:15:08.817 · Last modified 2026-06-17T04:05:45.050

Summary

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Affected products

artifex — ghostscript

Does this affect you?

Add your gear to cvedb and we'll alert you only when artifex ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.