CVE-2023-38559

CVE	CVE-2023-38559
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-08-01 17:15:00 UTC
Updated	2024-03-08 18:19:00 UTC
Description	A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

Problem Types: CWE-120

Type	Vendor	Product	Version	Update	Edition	Language
Application	Artifex	Ghostscript	All	All	All	All
Application	Artifex	Ghostscript	-	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	9.0	All	All	All

Reference	Source	Link	Tags
Bug Access Denied	MISC	bugs.ghostscript.com
[SECURITY] [DLA 3519-1] ghostscript security update	MISC	lists.debian.org
git.ghostscript.com Git - ghostpdl.git/commitdiff	MISC	git.ghostscript.com
Red Hat		access.redhat.com
[SECURITY] Fedora 38 Update: ghostscript-10.01.2-3.fc38 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: ghostscript-9.56.1-9.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
cve-details	MISC	access.redhat.com
Red Hat		access.redhat.com
2224367 – (CVE-2023-38559) CVE-2023-38559 ghostscript: Out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in DoS	MISC	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

161100 Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-6544)
161137 Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-7053)
199668 Ubuntu Security Notification for Ghostscript Vulnerability (USN-6297-1)
242317 Red Hat Update for ghostscript (RHSA-2023:6544)
242407 Red Hat Update for ghostscript (RHSA-2023:7053)
284386 Fedora Security Update for ghostscript (FEDORA-2023-cba4a3a00f)
284403 Fedora Security Update for ghostscript (FEDORA-2023-d0ef677e6f)
296107 Oracle Solaris 11.4 Support Repository Update (SRU) 65.157.1 Missing (CPUJAN2024)
355821 Amazon Linux Security Advisory for ghostscript : ALAS-2023-1801
355834 Amazon Linux Security Advisory for ghostscript : ALAS2-2023-2204
355877 Amazon Linux Security Advisory for ghostscript : ALAS2023-2023-296
6000118 Debian Security Update for ghostscript (DLA 3519-1)
673373 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2876)
673715 EulerOS Security Update for ghostscript (EulerOS-SA-2023-3126)
673844 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2895)
673857 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2785)
674059 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2809)
941375 AlmaLinux Security Update for ghostscript (ALSA-2023:6544)
941434 AlmaLinux Security Update for ghostscript (ALSA-2023:7053)