CVE-2023-4042

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in the RHSA-2021:1852-06 advisory, as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.5 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| redhat | CNA | 5.5 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| CVE | ADP | --- | --- | | | |

Base Score: CVSS 3.x
EPSS Score percentile: 9%

| Vendor | Product | Version |
|---|---|---|
| artifex | ghostscript | 𝑥 < 9.51 |
| redhat | codeready_linux_builder | 8.0 |
| redhat | codeready_linux_builder_for_arm64 | 8.0_aarch64:_aarch64 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x:_s390x |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le:_ppc64le |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64:_aarch64 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x:_s390x |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le:_ppc64le |

𝑥 = Vulnerable software versions
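
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bullseye | 9.53.3~dfsg-7+deb11u7 | fixed |
| ghostscript | bullseye (security) | 9.53.3~dfsg-7+deb11u9 | fixed |
| ghostscript | bookworm | 10.0.0~dfsg-11+deb12u5 | fixed |
| ghostscript | bookworm (security) | 10.0.0~dfsg-11+deb12u6 | fixed |
| ghostscript | sid | 10.04.0~dfsg-2 | fixed |
| ghostscript | trixie | 10.04.0~dfsg-2 | fixed |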
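
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| ghostscript | lunar | not-affected |
| ghostscript | jammy | not-affected |
| ghostscript | focal | not-affected |
| ghostscript | bionic | not-affected |
| ghostscript | xenial | not-affected |
| ghostscript | trusty | ignored |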