Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2023-38559

Published: 01/08/2023 Updated: 08/03/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Ghostscript

Vulnerability Summary

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local malicious user to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

Vulnerable Product Search on Vulmon Subscribe to Product

artifex ghostscript

redhat enterprise linux 8.0

redhat enterprise linux 9.0

fedoraproject fedora 37

fedoraproject fedora 38

debian debian linux 10.0

Vendor Advisories

Debian CVElist Bug Report Logs: ghostscript: CVE-2023-38559
Debian Bug report logs - #1043033 ghostscript: CVE-2023-38559 Package: src:ghostscript; Maintainer for src:ghostscript is Debian QA Group <packages@qadebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 4 Aug 2023 19:36:01 UTC Severity: important Tags: security, upstream Found in versions ...
Red Hat: Moderate: ghostscript security and bug fix update
Synopsis Moderate: ghostscript security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for ghostscript is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this u ...
Red Hat: Moderate: ghostscript security and bug fix update
Synopsis Moderate: ghostscript security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for ghostscript is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this u ...
Amazon Linux 2: ALAS2-2023-2204
A buffer overflow flaw was found in base/gdevdevnc:1973 in devn_pcx_write_rle() in ghostscript This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs (CVE-2023-38559) ...
Amazon Linux AMI: ALAS-2023-1801
A buffer overflow flaw was found in base/gdevdevnc:1973 in devn_pcx_write_rle() in ghostscript This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs (CVE-2023-38559) ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-120https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1https://access.redhat.com/security/cve/CVE-2023-38559https://bugzilla.redhat.com/show_bug.cgi?id=2224367https://bugs.ghostscript.com/show_bug.cgi?id=706897https://lists.debian.org/debian-lts-announce/2023/08/msg00006.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/https://access.redhat.com/errata/RHSA-2023:6544https://access.redhat.com/errata/RHSA-2023:7053https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043033https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11https://alas.aws.amazon.com/AL2/ALAS-2023-2204.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook