CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugs.ghostscript.com/show_bug.cgi?id=706761	Issue Tracking Permissions Required
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/
https://security.gentoo.org/glsa/202309-03
https://www.debian.org/security/2023/dsa-5446	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*

History

07 Nov 2023, 04:16

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/', 'name': 'FEDORA-2023-d8a1c3e5e2', 'tags': ['Mailing List'], 'refsource': 'FEDORA'} {'url': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c', 'name': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c', 'tags': ['Mailing List', 'Patch'], 'refsource': 'MISC'} {'url': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d', 'name': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d', 'tags': ['Mailing List', 'Patch'], 'refsource': 'MISC'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/', 'name': 'FEDORA-2023-83c805b441', 'tags': ['Mailing List'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ - () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d - () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c -

17 Sep 2023, 07:15

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202309-03 -

02 Aug 2023, 15:42

Type	Values Removed	Values Added
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ - Mailing List
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ - Mailing List
CPE		cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:o:fedoraproject:fedora:37:::::::*
First Time		Fedoraproject fedora Fedoraproject

23 Jul 2023, 03:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ -

16 Jul 2023, 03:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ -

14 Jul 2023, 14:48

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 7.8

06 Jul 2023, 18:00

Type	Values Removed	Values Added
First Time		Artifex ghostscript Debian debian Linux Artifex Debian
CPE		cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:a:artifex:ghostscript:::::::: cpe:2.3:o:debian:debian_linux:11.0:::::::*
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~(MISC) https://bugs.ghostscript.com/show_bug.cgi?id=706761 -~~	(MISC) https://bugs.ghostscript.com/show_bug.cgi?id=706761 - Issue Tracking, Permissions Required
References	~~(MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d -~~	(MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d - Mailing List, Patch
References	~~(DEBIAN) https://www.debian.org/security/2023/dsa-5446 -~~	(DEBIAN) https://www.debian.org/security/2023/dsa-5446 - Third Party Advisory
References	~~(MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c -~~	(MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c - Mailing List, Patch

04 Jul 2023, 04:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2023/dsa-5446 -

25 Jun 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-06-25 22:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-36664

Mitre link : CVE-2023-36664

CVE.ORG link : CVE-2023-36664

JSON object : View

Products Affected

artifex

ghostscript

fedoraproject

fedora

debian

debian_linux

CWE

NVD-CWE-Other

7.8 /10