CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

History

07 Nov 2023, 04:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/', 'name': 'FEDORA-2023-d8a1c3e5e2', 'tags': ['Mailing List'], 'refsource': 'FEDORA'}
  • {'url': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c', 'name': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c', 'tags': ['Mailing List', 'Patch'], 'refsource': 'MISC'}
  • {'url': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d', 'name': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d', 'tags': ['Mailing List', 'Patch'], 'refsource': 'MISC'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/', 'name': 'FEDORA-2023-83c805b441', 'tags': ['Mailing List'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ -
  • () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d -
  • () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c -

17 Sep 2023, 07:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202309-03 -

02 Aug 2023, 15:42

Type Values Removed Values Added
First Time Fedoraproject fedora
Fedoraproject
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ - Mailing List
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ - Mailing List
CPE cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

23 Jul 2023, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ -

16 Jul 2023, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ -

14 Jul 2023, 14:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 7.8

06 Jul 2023, 18:00

Type Values Removed Values Added
References (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=706761 - (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=706761 - Issue Tracking, Permissions Required
References (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d - (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d - Mailing List, Patch
References (DEBIAN) https://www.debian.org/security/2023/dsa-5446 - (DEBIAN) https://www.debian.org/security/2023/dsa-5446 - Third Party Advisory
References (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c - (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c - Mailing List, Patch
First Time Artifex ghostscript
Debian debian Linux
Artifex
Debian
CPE cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

04 Jul 2023, 04:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5446 -

25 Jun 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-25 22:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-36664

Mitre link : CVE-2023-36664

CVE.ORG link : CVE-2023-36664


JSON object : View

Products Affected

artifex

  • ghostscript

fedoraproject

  • fedora

debian

  • debian_linux