Arch Linux: ASA-202109-3 High: Ghostscript Command Execution

Arch Linux Security Advisory ASA-202109-3
========================================
Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-3781
Package : ghostscript
Type    : arbitrary command execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2374

Summary
======
The package ghostscript before version 9.54.0-3 is vulnerable to
arbitrary command execution.

Resolution
=========
Upgrade to 9.54.0-3.

# pacman -Syu "ghostscript>=9.54.0-3"

The problem has been fixed upstream but no release is available yet.

Workaround
=========
None.

Description
==========
A trivial sandbox (enabled with the -dSAFER option) escape security
issue was found in the ghostscript interpreter by injecting a specially
crafted pipe command. This flaw allows a specially crafted document to
execute arbitrary commands on the system in the context of the
ghostscript interpreter.

Impact
=====
An attacker could execute arbitrary commands through crafted documents,
bypassing the interpreter's sandbox.

References
=========
https://bugzilla.redhat.com/show_bug.cgi?id=2002271

https://twitter.com/emil_lerner/status/1430502815181463559
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50

https://security.archlinux.org/CVE-2021-3781