CVE-2023-43115 — Code Injection in Ghostscript

CWE-94 — Code Injection7 documents7 sources

Severity

8.8HIGHNVD

EPSS

21.7%

top 4.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Fedoraproject Fedora

Timeline

PublishedSep 18

Latest updateOct 17

Description

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶Debianartifex/ghostscript< 9.53.3~dfsg-7+deb11u6+3

▶NVDartifex/ghostscript10.01.2

Also affects: Fedora 38, 39

🔴Vulnerability Details

GHSA

GHSA-9p55-888j-qxrh: In Artifex Ghostscript through 10↗2023-09-18

▶

CVEList

CVE-2023-43115: In Artifex Ghostscript through 10↗2023-09-18

▶

OSV

CVE-2023-43115: In Artifex Ghostscript through 10↗2023-09-18

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerability↗2023-10-17

▶

Red Hat

Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documents↗2023-09-18

▶

Debian

CVE-2023-43115: ghostscript - In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote...↗2023

▶