CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

22 Feb 2024, 17:49

Type Values Removed Values Added
References () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5 - () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5 - Broken Link
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/ - Mailing List
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 8.8
First Time Fedoraproject
Fedoraproject fedora
CPE cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

07 Nov 2023, 04:21

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/', 'name': 'FEDORA-2023-66d60c3df7', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/', 'name': 'FEDORA-2023-c2665a9ff3', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5', 'name': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5', 'tags': ['Mailing List', 'Patch'], 'refsource': 'MISC'}
  • () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5 -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/ -

16 Oct 2023, 18:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/ -

15 Oct 2023, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/ -

21 Sep 2023, 16:27

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Artifex
Artifex ghostscript
References (MISC) https://ghostscript.com/ - (MISC) https://ghostscript.com/ - Product
References (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=707051 - (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=707051 - Permissions Required
References (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 - (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 - Mailing List, Patch
CPE cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

18 Sep 2023, 13:26

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-18 08:15

Updated : 2024-02-22 17:49


NVD link : CVE-2023-43115

Mitre link : CVE-2023-43115

CVE.ORG link : CVE-2023-43115


JSON object : View

Products Affected

artifex

  • ghostscript

fedoraproject

  • fedora