CVE-2021-3781
Description
Ghostscript sandbox escape via '%pipe%' allows arbitrary command execution, affecting versions 9.50 through 9.54.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2021-3781 is a sandbox escape vulnerability in the Ghostscript interpreter when the -dSAFER option is enabled. The file access protection built into Ghostscript proved insufficient for the %pipe% PostScript device, allowing a specially crafted document to bypass the sandbox. The vulnerability affects Ghostscript versions 9.50, 9.52, 9.53.3, and 9.54.0 on Unix-like systems (excluding Windows) [1][2].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted document that uses a %pipe% command to execute arbitrary system commands. The attacker needs no special privileges beyond the ability to have the malicious document processed by Ghostscript. Exploitation is trivial because the existing permission checks did not validate the %pipe% device specifier string itself, only the sub-string following it [1][2]. On Unix-like systems, the attack is feasible if the document is processed by a user with high privileges (e.g., root) [1][2].
Impact
Successful exploitation allows an attacker to escape the Ghostscript sandbox and execute arbitrary commands on the host system with the privileges of the Ghostscript interpreter. This can lead to full compromise of confidentiality, integrity, and availability of the affected system [1][2].
Mitigation
The vulnerability is fixed in Ghostscript/GhostPDL 9.55.0, released at the end of September 2021 [2]. Users should upgrade to version 9.55.0 or later. For Gentoo Linux, version 9.56.1 is recommended [3]. There is no known workaround for this vulnerability [3].
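The following is an added example, not part of the original advisory or of Ghostscript's code: a pre-processing check that flags documents referencing the %pipe% device before they reach an unpatched Ghostscript. The function names and sample inputs are constructed for illustration; it inspects static string forms only and is a triage aid alongside the upgrade to 9.55.0, not a workaround.

```python
import re

TOKEN = b"%pipe%"

# PostScript string forms inspected here (assumption: ASCII85 <~ ~> strings
# and strings assembled at run time are out of scope for this static check).
_LITERAL = re.compile(rb"\((?:\\.|[^\\()])*\)", re.S)  # ( ... ) without nesting
_HEX = re.compile(rb"<([0-9A-Fa-f\s]*)>")              # < hex digits >
_OCTAL = re.compile(rb"\\([0-7]{1,3})")                # \ddd escapes


def _decode_literal(body: bytes) -> bytes:
    """Resolve octal escapes such as \\045 ('%') inside a literal string."""
    return _OCTAL.sub(lambda m: bytes([int(m.group(1), 8) & 0xFF]), body)


def _decode_hex(body: bytes) -> bytes:
    """Decode a hex string; PostScript pads an odd trailing digit with 0."""
    digits = re.sub(rb"\s+", b"", body)
    if len(digits) % 2:
        digits += b"0"
    return bytes.fromhex(digits.decode("ascii"))


def find_pipe_references(data: bytes) -> list[tuple[int, str]]:
    """Return (offset, form) for each %pipe% reference found in the document."""
    hits = []
    lowered = data.lower()  # case-insensitive match, deliberately conservative
    pos = lowered.find(TOKEN)
    while pos != -1:
        hits.append((pos, "raw"))
        pos = lowered.find(TOKEN, pos + 1)
    for m in _LITERAL.finditer(data):
        raw = m.group(0)
        if TOKEN in _decode_literal(raw[1:-1]).lower() and TOKEN not in raw.lower():
            hits.append((m.start(), "escaped-literal"))
    for m in _HEX.finditer(data):
        if TOKEN in _decode_hex(m.group(1)).lower():
            hits.append((m.start(), "hex-string"))
    return sorted(hits)


def should_quarantine(data: bytes) -> bool:
    """True when the document should be held back from Ghostscript."""
    return bool(find_pipe_references(data))


# Constructed sample documents (not taken from any real exploit).
BENIGN = b"%!PS\n/Helvetica findfont 12 scalefont setfont\n(hello) show\n"
RAW = b"%!PS\n(%pipe%placeholder)\n"
ESCAPED = b"%!PS\n(\\045pipe\\045placeholder)\n"
HEXFORM = b"%!PS\n<25706970 6525>\n"
```

A clean result does not prove a document is safe, because PostScript can build the device name at run time; treat a hit as a reason to quarantine and a miss as no information.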
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
66 products
- ghostscript/ghostscript interpreter (description)
- osv-coords: 64 versions
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- security.gentoo.org/glsa/202211-11 (mitre, vendor-advisory)
- bugzilla.redhat.com/show_bug.cgi (mitre)
- ghostscript.com/CVE-2021-3781.html (mitre)
News mentions
No linked articles in our index yet.