Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-28879

Опубликовано: 31 мар. 2023
Источник: debian
EPSS Средний

Описание

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ghostscriptfixed10.0.0~dfsg-11package

Примечания

  • https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)

  • Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179

  • Future hardening/potentially intrusive impact for older versions (and should not be applied for

  • older versions):

  • https://git.ghostscript.com/?p=ghostpdl.git;h=3635f4c75e54e337a4eebcf6db3eef0e60f9cebf

  • https://www.openwall.com/lists/oss-security/2023/04/12/4

  • https://offsec.almond.consulting/ghostscript-cve-2023-28879.html

EPSS

Процентиль: 97%
0.3164
Средний

Связанные уязвимости

ubuntu логотип

CVE-2023-28879

CVSS3: 9.8
ubuntu
около 2 лет назад

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

redhat логотип

CVE-2023-28879

CVSS3: 8.4
redhat
около 2 лет назад

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

nvd логотип

CVE-2023-28879

CVSS3: 9.8
nvd
около 2 лет назад

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

suse-cvrf логотип

SUSE-SU-2023:1799-1

suse-cvrf
около 2 лет назад

Security update for ghostscript

suse-cvrf логотип

SUSE-SU-2023:1797-1

suse-cvrf
около 2 лет назад

Security update for ghostscript

EPSS

Процентиль: 97%
0.3164
Средний