CVE-2023-36664
Summary
| CVE | CVE-2023-36664 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-25 22:15:00 UTC |
| Updated | 2023-11-07 04:16:00 UTC |
| Description | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Artifex | Ghostscript | All | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 12.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.ghostscript.com Git - ghostpdl.git/commit | MISC | git.ghostscript.com | |
| Debian -- Security Information -- DSA-5446-1 ghostscript | DEBIAN | www.debian.org | |
| git.ghostscript.com Git - ghostpdl.git/commit | git.ghostscript.com | ||
| git.ghostscript.com Git - ghostpdl.git/commit | git.ghostscript.com | ||
| [SECURITY] Fedora 38 Update: ghostscript-10.01.2-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: ghostscript-9.56.1-8.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| GPL Ghostscript: Multiple Vulnerabilities (GLSA 202309-03) — Gentoo security | GENTOO | security.gentoo.org | |
| git.ghostscript.com Git - ghostpdl.git/commit | MISC | git.ghostscript.com | |
| Bug Access Denied | MISC | bugs.ghostscript.com | |
| [SECURITY] Fedora 38 Update: ghostscript-10.01.2-1.fc38 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 37 Update: ghostscript-9.56.1-8.fc37 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160957 Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-5459)
- 199456 Ubuntu Security Notification for Ghostscript Vulnerability (USN-6213-1)
- 241873 Red Hat Update for ghostscript (RHSA-2023:4324)
- 242112 Red Hat Update for ghostscript (RHSA-2023:5459)
- 284317 Fedora Security Update for ghostscript (FEDORA-2023-d8a1c3e5e2)
- 284338 Fedora Security Update for ghostscript (FEDORA-2023-83c805b441)
- 285306 Fedora Security Update for ghostscript (FEDORA-2023-b240ebd9aa)
- 355807 Amazon Linux Security Advisory for ghostscript : ALAS2023-2023-276
- 378699 Ghostscript Code Execution Vulnerability
- 378961 Alibaba Cloud Linux Security Update for ghostscript (ALINUX3-SA-2023:0127)
- 503041 Alpine Linux Security Update for ghostscript
- 503042 Alpine Linux Security Update for ghostscript
- 6000225 Debian Security Update for ghostscript (DSA 5446-1)
- 673373 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2876)
- 673844 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2895)
- 673857 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2785)
- 674059 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2809)
- 710748 Gentoo Linux GPL Ghostscript Multiple Vulnerabilities (GLSA 202309-03)
- 754169 SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:2829-1)
- 754177 SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:2844-1)
- 941284 AlmaLinux Security Update for ghostscript (ALSA-2023:5459)
- 961040 Rocky Linux Security Update for ghostscript (RLSA-2023:5459)