Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-46751

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 06 Π΄Π΅ΠΊ. 2023
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: redhat
CVSS3: 7.5
EPSS Низкий

ОписаниС

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

A flaw was found in Ghostscript. A remote attacker may use a specially crafted payload to trigger access to previously freed memory, which can potentially lead to remote code execution or an application crash.

ΠžΡ‚Ρ‡Π΅Ρ‚

The discovered vulnerability in the function gdev_prn_open_printer_seekable() within Artifex Ghostscript, poses a moderate severity threat due to its potential to cause a denial-of-service (DoS) condition. Exploiting this flaw involves manipulating a dangling pointer, which can lead to crashing the application. While the impact is limited to crashing the application, the exploit requires remote access, which elevates the risk compared to local-only vulnerabilities.

ΠœΠ΅Ρ€Ρ‹ ΠΏΠΎ ΡΠΌΡΠ³Ρ‡Π΅Π½ΠΈΡŽ послСдствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹

ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ°ΠŸΠ°ΠΊΠ΅Ρ‚Π‘ΠΎΡΡ‚ΠΎΡΠ½ΠΈΠ΅Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°Ρ†ΠΈΡΠ Π΅Π»ΠΈΠ·
Red Hat Enterprise Linux 6ghostscriptOut of support scope
Red Hat Enterprise Linux 7ghostscriptOut of support scope
Red Hat Enterprise Linux 8ghostscriptFixedRHSA-2025:436230.04.2025
Red Hat Enterprise Linux 9ghostscriptFixedRHSA-2025:742213.05.2025

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

Π”ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½Π°Ρ информация

Бтатус:

Moderate
Π”Π΅Ρ„Π΅ΠΊΡ‚:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2253365ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 31%
0.00114
Низкий

7.5 High

CVSS3

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-46751

CVSS3: 7.5
ubuntu
большС 1 года назад

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-46751

CVSS3: 7.5
nvd
большС 1 года назад

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2023-46751

CVSS3: 7.5
debian
большС 1 года назад

An issue was discovered in the function gdev_prn_open_printer_seekable ...

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2023:4920-1

suse-cvrf
большС 1 года назад

Security update for ghostscript

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2023:4917-1

suse-cvrf
большС 1 года назад

Security update for ghostscript

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 31%
0.00114
Низкий

7.5 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2023-46751