CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

07 Nov 2023, 04:10

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/', 'name': 'FEDORA-2023-366850fc87', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/', 'name': 'FEDORA-2023-f51bc947bb', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179', 'name': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179', 'tags': ['Patch'], 'refsource': 'MISC'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/', 'name': 'FEDORA-2023-fbf86d8916', 'tags': [], 'refsource': 'FEDORA'}
  • () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179 -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/ -

17 Sep 2023, 07:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202309-03 -

15 Apr 2023, 04:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/ -

12 Apr 2023, 21:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2023/04/12/4 -

12 Apr 2023, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/ -

08 Apr 2023, 02:24

Type Values Removed Values Added
References (MISC) https://ghostscript.readthedocs.io/en/latest/News.html - (MISC) https://ghostscript.readthedocs.io/en/latest/News.html - Release Notes
References (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179 - (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179 - Patch
References (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=706494 - (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=706494 - Exploit, Vendor Advisory
References (DEBIAN) https://www.debian.org/security/2023/dsa-5383 - (DEBIAN) https://www.debian.org/security/2023/dsa-5383 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html - Mailing List, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Debian
Artifex ghostscript
Artifex
Debian debian Linux
CPE cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CWE CWE-787

06 Apr 2023, 04:16

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5383 -

04 Apr 2023, 21:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html -

31 Mar 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-31 17:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-28879

Mitre link : CVE-2023-28879

CVE.ORG link : CVE-2023-28879


JSON object : View

Products Affected

artifex

  • ghostscript

debian

  • debian_linux
CWE
CWE-787

Out-of-bounds Write