{"api_version":"1","generated_at":"2026-04-22T16:06:31+00:00","cve":"CVE-2023-43115","urls":{"html":"https://cve.report/CVE-2023-43115","api":"https://cve.report/api/cve/CVE-2023-43115.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-43115","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-43115"},"summary":{"title":"CVE-2023-43115","description":"In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-09-18 08:15:00","updated_at":"2023-11-07 04:21:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5","name":"https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5","refsource":"","tags":[],"title":"git.ghostscript.com Git","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/","name":"FEDORA-2023-66d60c3df7","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: ghostscript-10.01.2-4.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/","name":"FEDORA-2023-66d60c3df7","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: ghostscript-10.01.2-4.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5","name":"https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5","refsource":"MISC","tags":[],"title":"git.ghostscript.com Git - ghostpdl.git/commit","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/","name":"FEDORA-2023-c2665a9ff3","refsource":"","tags":[],"title":"[SECURITY] Fedora 39 Update: ghostscript-10.01.2-4.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=707051","name":"https://bugs.ghostscript.com/show_bug.cgi?id=707051","refsource":"MISC","tags":[],"title":"Bug Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/","name":"FEDORA-2023-c2665a9ff3","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 39 Update: ghostscript-10.01.2-4.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://ghostscript.com/","name":"https://ghostscript.com/","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-43115","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43115","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"43115","vulnerable":"1","versionEndIncluding":"10.01.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"artifex","cpe5":"ghostscript","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-43115","qid":"161046","title":"Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-6265)"},{"cve":"CVE-2023-43115","qid":"161065","title":"Oracle Enterprise Linux Security Update for ghostscript (ELSA-2023-6732)"},{"cve":"CVE-2023-43115","qid":"199833","title":"Ubuntu Security Notification for Ghostscript Vulnerability (USN-6433-1)"},{"cve":"CVE-2023-43115","qid":"242221","title":"Red Hat Update for ghostscript (RHSA-2023:5868)"},{"cve":"CVE-2023-43115","qid":"242270","title":"Red Hat Update for ghostscript (RHSA-2023:6265)"},{"cve":"CVE-2023-43115","qid":"242402","title":"Red Hat Update for ghostscript (RHSA-2023:6732)"},{"cve":"CVE-2023-43115","qid":"284630","title":"Fedora Security Update for ghostscript (FEDORA-2023-66d60c3df7)"},{"cve":"CVE-2023-43115","qid":"285200","title":"Fedora Security Update for ghostscript (FEDORA-2023-c2665a9ff3)"},{"cve":"CVE-2023-43115","qid":"296107","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 65.157.1 Missing (CPUJAN2024)"},{"cve":"CVE-2023-43115","qid":"356391","title":"Amazon Linux Security Advisory for ghostscript : ALAS2023-2023-362"},{"cve":"CVE-2023-43115","qid":"379195","title":"Alibaba Cloud Linux Security Update for ghostscript (ALINUX3-SA-2023:0141)"},{"cve":"CVE-2023-43115","qid":"503542","title":"Alpine Linux Security Update for ghostscript"},{"cve":"CVE-2023-43115","qid":"505871","title":"Alpine Linux Security Update for ghostscript"},{"cve":"CVE-2023-43115","qid":"673402","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-3329)"},{"cve":"CVE-2023-43115","qid":"673459","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-3176)"},{"cve":"CVE-2023-43115","qid":"673593","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-3211)"},{"cve":"CVE-2023-43115","qid":"673651","title":"EulerOS Security Update for ghostscript (EulerOS-SA-2023-3297)"},{"cve":"CVE-2023-43115","qid":"755010","title":"SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:3938-1)"},{"cve":"CVE-2023-43115","qid":"755039","title":"SUSE Enterprise Linux Security Update for ghostscript (SUSE-SU-2023:3984-1)"},{"cve":"CVE-2023-43115","qid":"941332","title":"AlmaLinux Security Update for ghostscript (ALSA-2023:6265)"},{"cve":"CVE-2023-43115","qid":"941356","title":"AlmaLinux Security Update for ghostscript (ALSA-2023:6732)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-43115","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://ghostscript.com/","refsource":"MISC","name":"https://ghostscript.com/"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=707051","refsource":"MISC","name":"https://bugs.ghostscript.com/show_bug.cgi?id=707051"},{"url":"https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5","refsource":"MISC","name":"https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5"},{"refsource":"FEDORA","name":"FEDORA-2023-66d60c3df7","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/"},{"refsource":"FEDORA","name":"FEDORA-2023-c2665a9ff3","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/"}]}},"nvd":{"publishedDate":"2023-09-18 08:15:00","lastModifiedDate":"2023-11-07 04:21:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*","versionEndIncluding":"10.01.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}