CVE-2023-28879

Summary

CVE: CVE-2023-28879
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2023-03-31 17:15:00 UTC
Updated: 2023-11-07 04:10:00 UTC
Description: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Artifex | Ghostscript | All | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |

References

| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 37 Update: ghostscript-9.56.1-7.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: ghostscript-10.01.0-3.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 3381-1] ghostscript security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 36 Update: ghostscript-9.56.1-7.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Bug Access Denied | MISC | bugs.ghostscript.com | |
| git.ghostscript.com Git - ghostpdl.git/commit | MISC | git.ghostscript.com | |
| News — Ghostscript 10.02.0 documentation | MISC | ghostscript.readthedocs.io | |
| [SECURITY] Fedora 36 Update: ghostscript-9.56.1-7.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| oss-security - Ghostscript CVE-2023-28879: "Shell in the Ghost" | MLIST | www.openwall.com | |
| [SECURITY] Fedora 38 Update: ghostscript-10.01.0-3.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| GPL Ghostscript: Multiple Vulnerabilities (GLSA 202309-03) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 37 Update: ghostscript-9.56.1-7.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5383-1 ghostscript | DEBIAN | www.debian.org | |
| git.ghostscript.com Git - ghostpdl.git/commit | | git.ghostscript.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

Legacy QID Mappings

  • 161100 Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-6544)
  • 161137 Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-7053)
  • 181694 Debian Security Update for ghostscript (DLA 3381-1)
  • 181699 Debian Security Update for ghostscript (DSA 5383-1)
  • 184696 Debian Security Update for ghostscript (CVE-2023-28879)
  • 199285 Ubuntu Security Notification for Ghostscript Vulnerability (USN-6017-1)
  • 199311 Ubuntu Security Notification for Ghostscript Vulnerability (USN-6017-2)
  • 242317 Red Hat Update for ghostscript (RHSA-2023:6544)
  • 242407 Red Hat Update for ghostscript (RHSA-2023:7053)
  • 283869 Fedora Security Update for ghostscript (FEDORA-2023-f51bc947bb)
  • 283891 Fedora Security Update for ghostscript (FEDORA-2023-366850fc87)
  • 284195 Fedora Security Update for ghostscript (FEDORA-2023-fbf86d8916)
  • 354919 Amazon Linux Security Advisory for ghostscript : ALAS2-2023-2019
  • 354930 Amazon Linux Security Advisory for ghostscript : ALAS-2023-1734
  • 355128 Amazon Linux Security Advisory for ghostscript : ALAS2023-2023-162
  • 355381 Amazon Linux Security Advisory for ghostscript : AL2012-2023-410
  • 502704 Alpine Linux Security Update for ghostscript
  • 502705 Alpine Linux Security Update for ghostscript
  • 502706 Alpine Linux Security Update for ghostscript
  • 502723 Alpine Linux Security Update for ghostscript
  • 672937 EulerOS Security Update for ghostscript (EulerOS-SA-2023-1820)
  • 672962 EulerOS Security Update for ghostscript (EulerOS-SA-2023-1802)
  • 673190 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2311)
  • 673203 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2331)
  • 673715 EulerOS Security Update for ghostscript (EulerOS-SA-2023-3126)
  • 673975 EulerOS Security Update for ghostscript (EulerOS-SA-2024-1138)
  • 691137 Free Berkeley Software Distribution (FreeBSD) Security Update for ghostscript (25872b25-da2d-11ed-b715-a1e76793953b)
  • 710748 Gentoo Linux GPL Ghostscript Multiple Vulnerabilities (GLSA 202309-03)
  • 753899 SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:1799-1)
  • 753900 SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:1797-1)
  • 941375 AlmaLinux Security Update for ghostscript (ALSA-2023:6544)
  • 941434 AlmaLinux Security Update for ghostscript (ALSA-2023:7053)