{"api_version":"1","generated_at":"2026-04-22T16:07:22+00:00","cve":"CVE-2023-28879","urls":{"html":"https://cve.report/CVE-2023-28879","api":"https://cve.report/api/cve/CVE-2023-28879.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-28879","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-28879"},"summary":{"title":"CVE-2023-28879","description":"In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-03-31 17:15:00","updated_at":"2023-11-07 04:10:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/","name":"FEDORA-2023-f51bc947bb","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: ghostscript-9.56.1-7.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/","name":"FEDORA-2023-fbf86d8916","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: ghostscript-10.01.0-3.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html","name":"[debian-lts-announce] 20230404 [SECURITY] [DLA 3381-1] ghostscript security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3381-1] ghostscript security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/","name":"FEDORA-2023-366850fc87","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: ghostscript-9.56.1-7.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=706494","name":"https://bugs.ghostscript.com/show_bug.cgi?id=706494","refsource":"MISC","tags":[],"title":"Bug Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179","name":"https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179","refsource":"MISC","tags":[],"title":"git.ghostscript.com Git - ghostpdl.git/commit","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://ghostscript.readthedocs.io/en/latest/News.html","name":"https://ghostscript.readthedocs.io/en/latest/News.html","refsource":"MISC","tags":[],"title":"News — Ghostscript 10.02.0 documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/","name":"FEDORA-2023-366850fc87","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: ghostscript-9.56.1-7.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/04/12/4","name":"[oss-security] 20230412 Ghostscript CVE-2023-28879: \"Shell in the Ghost\"","refsource":"MLIST","tags":[],"title":"oss-security - Ghostscript CVE-2023-28879: \"Shell in the Ghost\"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/","name":"FEDORA-2023-fbf86d8916","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: ghostscript-10.01.0-3.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202309-03","name":"GLSA-202309-03","refsource":"GENTOO","tags":[],"title":"GPL Ghostscript: Multiple Vulnerabilities (GLSA 202309-03) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/","name":"FEDORA-2023-f51bc947bb","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: ghostscript-9.56.1-7.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5383","name":"DSA-5383","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5383-1 ghostscript","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179","name":"https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179","refsource":"","tags":[],"title":"git.ghostscript.com Git - ghostpdl.git/commit","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-28879","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28879","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"28879","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"artifex","cpe5":"ghostscript","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28879","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28879","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-28879","qid":"161100","title":"Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-6544)"},{"cve":"CVE-2023-28879","qid":"161137","title":"Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-7053)"},{"cve":"CVE-2023-28879","qid":"181694","title":"Debian Security Update for ghostscript (DLA 3381-1)"},{"cve":"CVE-2023-28879","qid":"181699","title":"Debian Security Update for ghostscript (DSA 5383-1)"},{"cve":"CVE-2023-28879","qid":"184696","title":"Debian Security Update for ghostscript (CVE-2023-28879)"},{"cve":"CVE-2023-28879","qid":"199285","title":"Ubuntu Security Notification for Ghostscript Vulnerability (USN-6017-1)"},{"cve":"CVE-2023-28879","qid":"199311","title":"Ubuntu Security Notification for Ghostscript Vulnerability (USN-6017-2)"},{"cve":"CVE-2023-28879","qid":"242317","title":"Red Hat Update for ghostscript (RHSA-2023:6544)"},{"cve":"CVE-2023-28879","qid":"242407","title":"Red Hat Update for ghostscript (RHSA-2023:7053)"},{"cve":"CVE-2023-28879","qid":"283869","title":"Fedora Security Update for ghostscript (FEDORA-2023-f51bc947bb)"},{"cve":"CVE-2023-28879","qid":"283891","title":"Fedora Security Update for ghostscript (FEDORA-2023-366850fc87)"},{"cve":"CVE-2023-28879","qid":"284195","title":"Fedora Security Update for ghostscript (FEDORA-2023-fbf86d8916)"},{"cve":"CVE-2023-28879","qid":"354919","title":"Amazon Linux Security Advisory for ghostscript : ALAS2-2023-2019"},{"cve":"CVE-2023-28879","qid":"354930","title":"Amazon Linux Security Advisory for ghostscript : ALAS-2023-1734"},{"cve":"CVE-2023-28879","qid":"355128","title":"Amazon Linux Security Advisory for ghostscript : ALAS2023-2023-162"},{"cve":"CVE-2023-28879","qid":"355381","title":"Amazon Linux Security Advisory for ghostscript : AL2012-2023-410"},{"cve":"CVE-2023-28879","qid":"502704","title":"Alpine Linux Security Update for ghostscript"},{"cve":"CVE-2023-28879","qid":"502705","title":"Alpine Linux Security Update for ghostscript"},{"cve":"CVE-2023-28879","qid":"502706","title":"Alpine Linux Security Update for ghostscript"},{"cve":"CVE-2023-28879","qid":"502723","title":"Alpine Linux Security Update for ghostscript"},{"cve":"CVE-2023-28879","qid":"672937","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-1820)"},{"cve":"CVE-2023-28879","qid":"672962","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-1802)"},{"cve":"CVE-2023-28879","qid":"673190","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-2311)"},{"cve":"CVE-2023-28879","qid":"673203","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-2331)"},{"cve":"CVE-2023-28879","qid":"673715","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-3126)"},{"cve":"CVE-2023-28879","qid":"673975","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2024-1138)"},{"cve":"CVE-2023-28879","qid":"691137","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for ghostscript (25872b25-da2d-11ed-b715-a1e76793953b)"},{"cve":"CVE-2023-28879","qid":"710748","title":"Gentoo Linux GPL Ghostscript Multiple Vulnerabilities (GLSA 202309-03)"},{"cve":"CVE-2023-28879","qid":"753899","title":"SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:1799-1)"},{"cve":"CVE-2023-28879","qid":"753900","title":"SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:1797-1)"},{"cve":"CVE-2023-28879","qid":"941375","title":"AlmaLinux Security Update for ghostscript (ALSA-2023:6544)"},{"cve":"CVE-2023-28879","qid":"941434","title":"AlmaLinux Security Update for ghostscript (ALSA-2023:7053)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-28879","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=706494","refsource":"MISC","name":"https://bugs.ghostscript.com/show_bug.cgi?id=706494"},{"url":"https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179","refsource":"MISC","name":"https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179"},{"refsource":"MISC","name":"https://ghostscript.readthedocs.io/en/latest/News.html","url":"https://ghostscript.readthedocs.io/en/latest/News.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230404 [SECURITY] [DLA 3381-1] ghostscript security update","url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html"},{"refsource":"DEBIAN","name":"DSA-5383","url":"https://www.debian.org/security/2023/dsa-5383"},{"refsource":"FEDORA","name":"FEDORA-2023-f51bc947bb","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/"},{"refsource":"MLIST","name":"[oss-security] 20230412 Ghostscript CVE-2023-28879: \"Shell in the Ghost\"","url":"http://www.openwall.com/lists/oss-security/2023/04/12/4"},{"refsource":"FEDORA","name":"FEDORA-2023-fbf86d8916","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/"},{"refsource":"FEDORA","name":"FEDORA-2023-366850fc87","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/"},{"refsource":"GENTOO","name":"GLSA-202309-03","url":"https://security.gentoo.org/glsa/202309-03"}]}},"nvd":{"publishedDate":"2023-03-31 17:15:00","lastModifiedDate":"2023-11-07 04:10:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*","versionEndExcluding":"10.01.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}