CVE-2023-43115
Summary
| CVE | CVE-2023-43115 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-18 08:15:00 UTC |
| Updated | 2023-11-07 04:21:00 UTC |
| Description | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Artifex | Ghostscript | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.ghostscript.com Git | | git.ghostscript.com | |
| [SECURITY] Fedora 38 Update: ghostscript-10.01.2-4.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: ghostscript-10.01.2-4.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| git.ghostscript.com Git - ghostpdl.git/commit | MISC | git.ghostscript.com | |
| [SECURITY] Fedora 39 Update: ghostscript-10.01.2-4.fc39 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Bug Access Denied | MISC | bugs.ghostscript.com | |
| [SECURITY] Fedora 39 Update: ghostscript-10.01.2-4.fc39 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| ghostscript.com | MISC | ghostscript.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161046 Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-6265)
- 161065 Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-6732)
- 199833 Ubuntu Security Notification for Ghostscript Vulnerability (USN-6433-1)
- 242221 Red Hat Update for ghostscript (RHSA-2023:5868)
- 242270 Red Hat Update for ghostscript (RHSA-2023:6265)
- 242402 Red Hat Update for ghostscript (RHSA-2023:6732)
- 284630 Fedora Security Update for ghostscript (FEDORA-2023-66d60c3df7)
- 285200 Fedora Security Update for ghostscript (FEDORA-2023-c2665a9ff3)
- 296107 Oracle Solaris 11.4 Support Repository Update (SRU) 65.157.1 Missing (CPUJAN2024)
- 356391 Amazon Linux Security Advisory for ghostscript : ALAS2023-2023-362
- 379195 Alibaba Cloud Linux Security Update for ghostscript (ALINUX3-SA-2023:0141)
- 503542 Alpine Linux Security Update for ghostscript
- 505871 Alpine Linux Security Update for ghostscript
- 673402 EulerOS Security Update for ghostscript (EulerOS-SA-2023-3329)
- 673459 EulerOS Security Update for ghostscript (EulerOS-SA-2023-3176)
- 673593 EulerOS Security Update for ghostscript (EulerOS-SA-2023-3211)
- 673651 EulerOS Security Update for ghostscript (EulerOS-SA-2023-3297)
- 755010 SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:3938-1)
- 755039 SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:3984-1)
- 941332 AlmaLinux Security Update for ghostscript (ALSA-2023:6265)
- 941356 AlmaLinux Security Update for ghostscript (ALSA-2023:6732)