CVE-2023-38559

MEDIUM EPSS 35.7%
Published Aug 1, 2023 (2y ago) · Modified Jun 23, 2026 (1w ago)
5.5 CVSS 3.1
Medium

Description

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
35.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-120
CWE-125 Out-of-bounds Read Memory Safety

Affected Products 6

Vendor         Product           Version  Range
artifex        ghostscript       *        <10.02.0
redhat         enterprise_linux  8.0      any
redhat         enterprise_linux  9.0      any
fedoraproject  fedora            37       any
fedoraproject  fedora            38       any
debian         debian_linux      10.0     any

References 9

  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:6544
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:7053
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/security/cve/CVE-2023-38559
    Third Party Advisory
  • bugs.ghostscript.com https://bugs.ghostscript.com/show_bug.cgi?id=706897
    Permissions Required
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2224367
    Issue Tracking, Third Party Advisory
  • git.ghostscript.com https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
    Mailing List, Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/

Remediation

  • git.ghostscript.com https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
    Mailing List, Patch