CVE-2023-52722

CWE-7548 documents7 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 82.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Ghostscript
Timeline
PublishedApr 28
Latest updateJun 17

Description

An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDartifex/ghostscript< 10.03.1
Debianghostscript< 9.53.3~dfsg-7+deb11u7+3
Ubuntughostscript< 9.50~dfsg-5ubuntu4.12+2

Patches

Patch: cgit.ghostscript.comPatch: cgit.ghostscript.com

🔴Vulnerability Details

4
OSV
ghostscript vulnerabilities2024-06-17
OSV
CVE-2023-52722: An issue was discovered in Artifex Ghostscript before 102024-04-28
GHSA
GHSA-5473-w6gq-5r5g: An issue was discovered in Artifex Ghostscript through 102024-04-28
CVEList
CVE-2023-52722: An issue was discovered in Artifex Ghostscript before 102024-04-27

📋Vendor Advisories

3
Ubuntu
Ghostscript vulnerabilities2024-06-17
Red Hat
ghostscript: eexec seeds other than the Type 1 standard are allowed while using SAFER mode2024-04-28
Debian
CVE-2023-52722: ghostscript - An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, whe...2023
CVE-2023-52722 (MEDIUM CVSS 5.5) | An issue was discovered in Artifex | cvebase.io