CVE-2022-35649

Description

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Related CPE's

a moodle moodle ********

a moodle moodle ********

a moodle moodle ********

o fedoraproject fedora 35 *******

o fedoraproject fedora 36 *******

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2106273

Issue TrackingThird Party Advisory

https://moodle.org/mod/forum/discuss.php?d=436456

Vendor Advisory

FEDORA-2022-81ce74b2dd

Mailing ListThird Party Advisory

FEDORA-2022-7e7ce7df2e

Mailing ListThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io