In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
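The condition described above, as an added sketch that is not Ghostscript's code from base/sbcp.c: a simplified escaping encoder run once with a one-byte room check and once with a two-byte check before an escape pair. The escape marker, the escape set, the function names and the guard byte standing in for adjacent data are assumptions, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESC 0x01u /* assumed escape marker for this sketch */

/* Assumed, simplified escape set: a few control bytes. */
static int needs_escape(unsigned char c) {
    return c == 0x01 || c == 0x03 || c == 0x04 || c == 0x11 || c == 0x13;
}

/* Encode src into the write buffer dst[0..cap).
 * check_pair == 0: only requires one free byte per input byte (flawed).
 * check_pair != 0: requires two free bytes before emitting an escape pair.
 * Returns bytes written; *consumed receives the input bytes processed. */
static size_t escape_encode(const unsigned char *src, size_t n,
                            unsigned char *dst, size_t cap,
                            int check_pair, size_t *consumed) {
    size_t r = 0, w = 0;
    for (; r < n && w < cap; r++) {
        unsigned char c = src[r];
        if (!needs_escape(c)) { dst[w++] = c; continue; }
        if (check_pair && cap - w < 2) break; /* caller drains, then retries */
        dst[w++] = ESC;
        dst[w++] = (unsigned char)(c ^ 0x40); /* lands at dst[cap] if unchecked */
    }
    *consumed = r;
    return w;
}

/* Constructed case: 8-byte write buffer plus one guard byte that stands in
 * for adjacent data, so the stray write is observable without real UB. */
static unsigned char run_case(int check_pair, size_t *written, size_t *consumed) {
    const unsigned char input[] = { 'A','B','C','D','E','F','G', 0x04, 'Z' };
    unsigned char backing[9];
    memset(backing, 0xAA, sizeof backing);
    *written = escape_encode(input, sizeof input, backing, 8, check_pair, consumed);
    return backing[8];
}

int main(void) {
    size_t w, r;
    unsigned char g = run_case(0, &w, &r);
    printf("unchecked: wrote %zu of 8, consumed %zu, guard=0x%02X\n", w, r, g);
    g = run_case(1, &w, &r);
    printf("checked:   wrote %zu of 8, consumed %zu, guard=0x%02X\n", w, r, g);
    return 0;
}
```

With the two-byte check the encoder stops at the escaped byte and reports it as unconsumed, so the caller can flush the buffer and resume without losing input.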
History
17 Sep 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
15 Apr 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
References | | |
12 Apr 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
12 Apr 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
08 Apr 2023, 02:24
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://ghostscript.readthedocs.io/en/latest/News.html - Release Notes | |
References | (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179 - Patch | |
References | (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=706494 - Exploit, Vendor Advisory | |
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5383 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html - Mailing List, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 9.8 |
CPE | cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | |
CWE | CWE-787 | |
First Time | Debian Artifex ghostscript Artifex Debian debian Linux | |
06 Apr 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
References | | |
04 Apr 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
31 Mar 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-31 17:15
Updated : 2023-09-17 07:15
NVD link : CVE-2023-28879
Mitre link : CVE-2023-28879
CVE.ORG link : CVE-2023-28879
Products Affected
artifex
- ghostscript
debian
- debian_linux
CWE
CWE-787
Out-of-bounds Write