An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
The vulnerability (CWE-22) exists in files base/gp_mswin.c and base/winrtsup.cpp responsible for file path handling on Windows platform. An attacker can provide a specially crafted path containing improper UTF-8 characters combined with path truncation, which causes improper validation and sanitization by the application. As a result, security mechanisms restricting file access are bypassed, and the application gains access to files outside the intended directory.
A remote, unauthenticated attacker can gain read access and potential modification of any files in the operating system, which may lead to disclosure of sensitive data, privilege escalation, or further compromise of system integrity.
Artifex Ghostscript should be updated to version 10.05.0 or later. Details available in vendor references: https://bugs.ghostscript.com/show_bug.cgi?id=708238
Artifex Ghostscript in all versions before 10.05.0, affects Windows handling components (base/gp_mswin.c and base/winrtsup.cpp)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArtifex Ghostscript
APPArtifex< 10.05.0
Related vulnerabilities
Buffer overflow w urządzeniu BJ10V w Artifex Ghostscript
Buffer overflow w Artifex Ghostscript — urządzenie DOCXWRITE/TXTWRITE
Buffer overflow w urządzeniu NPDL Artifex Ghostscript (kompresja)
Artifex Ghostscript — out-of-bounds write i use-after-free w obsłudze txtwrite
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data int...