CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

| Provider | Type | Base Score (CVSS 3.x) | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.8 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

EPSS Score (percentile): 95%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| artifex | ghostscript | 𝑥 ≤ 10.01.2 |

𝑥 = Vulnerable software versions

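Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bookworm | 10.0.0~dfsg-11+deb12u5 | fixed |
| ghostscript | bookworm (security) | 10.0.0~dfsg-11+deb12u6 | fixed |
| ghostscript | bullseye | 9.53.3~dfsg-7+deb11u7 | fixed |
| ghostscript | bullseye (security) | 9.53.3~dfsg-7+deb11u9 | fixed |
| ghostscript | buster | | ignored |
| ghostscript | sid | 10.04.0~dfsg-2 | fixed |
| ghostscript | trixie | 10.04.0~dfsg-2 | fixed |
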
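Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bionic | | ignored |
| ghostscript | focal | Fixed 9.50~dfsg-5ubuntu4.11 | released |
| ghostscript | jammy | Fixed 9.55.0~dfsg1-0ubuntu5.5 | released |
| ghostscript | lunar | Fixed 10.0.0~dfsg1-0ubuntu1.4 | released |
| ghostscript | mantic | Fixed 10.01.2~dfsg1-0ubuntu2.1 | released |
| ghostscript | trusty | | ignored |
| ghostscript | xenial | | ignored |
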
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| ghostscript | suse enterprise desktop 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise desktop 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise desktop 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise desktop 15 SP7 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise sap 12 SP5 | 9.52-23.60.1 | fixed |
| ghostscript | suse enterprise sap 15 SP1 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise sap 15 SP2 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise sap 15 SP3 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise sap 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise sap 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise sap 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise sap 15 SP7 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise server 12 SP3 | 9.52-23.60.1 | fixed |
| ghostscript | suse enterprise server 12 SP5 | 9.52-23.60.1 | fixed |
| ghostscript | suse enterprise server 15 SP1 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise server 15 SP2 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise server 15 SP3 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise server 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise server 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise server 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript | suse enterprise server 15 SP7 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP7 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise sap 12 SP5 | 9.52-23.60.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP1 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP2 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP3 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP7 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise server 12 SP3 | 9.52-23.60.1 | fixed |
| ghostscript-devel | suse enterprise server 12 SP5 | 9.52-23.60.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP1 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise server 15 SP2 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise server 15 SP3 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise server 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise server 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise server 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript-devel | suse enterprise server 15 SP7 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP7 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise sap 12 SP5 | 9.52-23.60.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP1 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP2 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP3 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP7 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise server 12 SP3 | 9.52-23.60.1 | fixed |
| ghostscript-x11 | suse enterprise server 12 SP5 | 9.52-23.60.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP1 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP2 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP3 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP4 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP5 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP6 | 9.52-150000.173.2 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP7 | 9.52-150000.173.2 | fixed |

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| ghostscript | RHEL 9 | 0:9.54.0-14.el9_3 | fixed |
| ghostscript-doc | RHEL 9 | 0:9.54.0-14.el9_3 | fixed |
| ghostscript-tools-dvipdf | RHEL 9 | 0:9.54.0-14.el9_3 | fixed |
| ghostscript-tools-fonts | RHEL 9 | 0:9.54.0-14.el9_3 | fixed |
| ghostscript-tools-printing | RHEL 9 | 0:9.54.0-14.el9_3 | fixed |
| ghostscript-x11 | RHEL 9 | 0:9.54.0-14.el9_3 | fixed |
| libgs | RHEL 9 | 0:9.54.0-14.el9_3 | fixed |
| libgs-devel | RHEL 9 | 0:9.54.0-14.el9_3 | fixed |