CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
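A simplified C model of the off-by-one described above, added here as an illustration; it is not Ghostscript's code from base/sbcp.c. The function names, the escape marker 0x01, the XOR 0x40 transform and the escaped-byte set are assumptions of this model, and the guard byte past the 8-byte buffer exists only so the stray write can be observed safely.

```c
#include <stddef.h>
#include <string.h>

#define ESC    0x01   /* escape marker (assumed for this model) */
#define CANARY 0xA5   /* guard value placed just past the buffer */

/* Control bytes this model escapes (assumed set, not taken from sbcp.c). */
static int needs_escape(unsigned char c) {
    return c == 0x01 || c == 0x03 || c == 0x04 || c == 0x05 ||
           c == 0x11 || c == 0x13 || c == 0x14 || c == 0x1c;
}

/* Encode in[0..n) into out[0..cap); returns the number of bytes written.
 * fixed == 0: only one free byte is required before writing, so an escape
 *             pair can put its second byte at out[cap] (the flaw).
 * fixed != 0: an escape pair requires two free bytes. */
static size_t encode(const unsigned char *in, size_t n,
                     unsigned char *out, size_t cap, int fixed) {
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        size_t need = (fixed && needs_escape(c)) ? 2 : 1;
        if (w + need > cap)
            break;                  /* buffer full: caller drains, retries */
        if (needs_escape(c)) {
            out[w++] = ESC;
            out[w++] = c ^ 0x40;    /* second byte of the pair */
        } else {
            out[w++] = c;
        }
    }
    return w;
}

/* Fill an 8-byte buffer to one byte short of full, then encode a byte that
 * needs escaping. Returns 1 if the guard byte past the buffer was hit. */
static int overflows(int fixed, size_t *written) {
    unsigned char in[8], backing[8 + 1];   /* constructed input; 8 + guard */
    memset(in, 'A', 7);
    in[7] = 0x04;
    memset(backing, CANARY, sizeof backing);
    *written = encode(in, sizeof in, backing, 8, fixed);
    return backing[8] != CANARY;
}

int main(void) {
    size_t w;
    return !(overflows(0, &w) && !overflows(1, &w));  /* 0 = as expected */
}
```

With the one-byte check the encoder reports 9 bytes written into an 8-byte buffer; with the two-byte check it stops at 7 and leaves the escaped byte for the next call.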

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS Score: percentile 96%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| artifex | ghostscript | 𝑥 < 10.01.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |

𝑥 = Vulnerable software versions

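Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bookworm | 10.0.0~dfsg-11+deb12u5 | fixed |
| ghostscript | bookworm (security) | 10.0.0~dfsg-11+deb12u6 | fixed |
| ghostscript | bullseye | 9.53.3~dfsg-7+deb11u7 | fixed |
| ghostscript | bullseye (security) | 9.53.3~dfsg-7+deb11u9 | fixed |
| ghostscript | sid | 10.04.0~dfsg-2 | fixed |
| ghostscript | trixie | 10.04.0~dfsg-2 | fixed |
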
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bionic | Fixed 9.26~dfsg+0-0ubuntu0.18.04.18 | released |
| ghostscript | focal | Fixed 9.50~dfsg-5ubuntu4.7 | released |
| ghostscript | jammy | Fixed 9.55.0~dfsg1-0ubuntu5.2 | released |
| ghostscript | kinetic | Fixed 9.56.1~dfsg1-0ubuntu3.1 | released |
| ghostscript | lunar | Fixed 10.0.0~dfsg1-0ubuntu1.1 | released |
| ghostscript | trusty | | ignored |
| ghostscript | xenial | Fixed 9.26~dfsg+0-0ubuntu0.16.04.14+esm5 | released |

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| ghostscript | suse enterprise desktop 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise desktop 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise desktop 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise desktop 15 SP7 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise sap 15 SP2 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise sap 15 SP3 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise sap 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise sap 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise sap 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise sap 15 SP7 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise server 12 SP3 | 9.52-23.51.1 | fixed |
| ghostscript | suse enterprise server 12 SP4 | 9.52-23.51.1 | fixed |
| ghostscript | suse enterprise server 12 SP5 | 9.52-23.51.1 | fixed |
| ghostscript | suse enterprise server 15 SP1 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise server 15 SP2 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise server 15 SP3 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise server 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise server 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise server 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript | suse enterprise server 15 SP7 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP7 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP2 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP3 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP7 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise server 12 SP3 | 9.52-23.51.1 | fixed |
| ghostscript-devel | suse enterprise server 12 SP4 | 9.52-23.51.1 | fixed |
| ghostscript-devel | suse enterprise server 12 SP5 | 9.52-23.51.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP1 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP2 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP3 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP7 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP7 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP2 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP3 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP7 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise server 12 SP3 | 9.52-23.51.1 | fixed |
| ghostscript-x11 | suse enterprise server 12 SP4 | 9.52-23.51.1 | fixed |
| ghostscript-x11 | suse enterprise server 12 SP5 | 9.52-23.51.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP1 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP2 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP3 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP4 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP5 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP6 | 9.52-150000.164.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP7 | 9.52-150000.164.1 | fixed |

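Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| ghostscript | RHEL 8 | 0:9.27-11.el8 | fixed |
| ghostscript | RHEL 9 | 0:9.54.0-13.el9 | fixed |
| ghostscript-doc | RHEL 8 | 0:9.27-11.el8 | fixed |
| ghostscript-doc | RHEL 9 | 0:9.54.0-13.el9 | fixed |
| ghostscript-tools-dvipdf | RHEL 8 | 0:9.27-11.el8 | fixed |
| ghostscript-tools-dvipdf | RHEL 9 | 0:9.54.0-13.el9 | fixed |
| ghostscript-tools-fonts | RHEL 8 | 0:9.27-11.el8 | fixed |
| ghostscript-tools-fonts | RHEL 9 | 0:9.54.0-13.el9 | fixed |
| ghostscript-tools-printing | RHEL 8 | 0:9.27-11.el8 | fixed |
| ghostscript-tools-printing | RHEL 9 | 0:9.54.0-13.el9 | fixed |
| ghostscript-x11 | RHEL 8 | 0:9.27-11.el8 | fixed |
| ghostscript-x11 | RHEL 9 | 0:9.54.0-13.el9 | fixed |
| libgs | RHEL 8 | 0:9.27-11.el8 | fixed |
| libgs | RHEL 9 | 0:9.54.0-13.el9 | fixed |
| libgs-devel | RHEL 8 | 0:9.27-11.el8 | fixed |
| libgs-devel | RHEL 9 | 0:9.54.0-13.el9 | fixed |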