Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-43115

Published: 18/09/2023 Updated: 22/02/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Artifex

Vulnerability Summary

In Artifex Ghostscript up to and including 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

artifex ghostscript

fedoraproject fedora 38

fedoraproject fedora 39

Vendor Advisories

Red Hat: Important: ghostscript security update
Synopsis Important: ghostscript security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for ghostscript is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security ...
Red Hat: Important: ghostscript security update
Synopsis Important: ghostscript security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for ghostscript is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as h ...
Red Hat:
Description<!---->A vulnerability was found in Artifex Ghostscript in gdevijsc, allows a malicious remote attacker to perform remote code execution via crafted PostScript documentsA vulnerability was found in Artifex Ghostscript in gdevijsc, allows a malicious remote attacker to perform remote code execution via crafted PostScript documents ...

Github Repositories

https://github.com/jostaub/ghostscript-CVE-2023-43115

A small write-up with examples to understand CVE-2023-43115

ghostscript-CVE-2023-43115 A small write-up with examples to help understand CVE-2023-43115 WarningI wrote this mainly for myself to understand the problem and to learn about cybersecurity So there may be errors The Problem To utilize the IJS device (Improved Inkjet Printing), Ghostscript is required to start an IJS server This is accomplished by using the path specified i

References

NVD-CWE-noinfohttps://bugs.ghostscript.com/show_bug.cgi?id=707051https://ghostscript.com/https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/https://access.redhat.com/errata/RHSA-2023:5868https://nvd.nist.govhttps://github.com/jostaub/ghostscript-CVE-2023-43115https://access.redhat.com/security/cve/cve-2023-43115
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook