9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.9%
Debian Security Advisory DSA-5383-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
April 05, 2023 https://www.debian.org/security/faq
Package : ghostscript
CVE ID : CVE-2023-28879
Debian Bug : 1033757
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter,
is prone to a buffer overflow vulnerability in the (T)BCP encoding
filters, which could result in the execution of arbitrary code if
malformed document files are processed (despite the -dSAFER sandbox
being enabled).
For the stable distribution (bullseye), this problem has been fixed in
version 9.53.3~dfsg-7+deb11u4.
We recommend that you upgrade your ghostscript packages.
For the detailed security status of ghostscript please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | s390x | ghostscript | < 9.53.3~dfsg-7+deb11u4 | ghostscript_9.53.3~dfsg-7+deb11u4_s390x.deb |
Debian | 11 | arm64 | ghostscript-dbgsym | < 9.53.3~dfsg-7+deb11u4 | ghostscript-dbgsym_9.53.3~dfsg-7+deb11u4_arm64.deb |
Debian | 11 | arm64 | libgs-dev | < 9.53.3~dfsg-7+deb11u4 | libgs-dev_9.53.3~dfsg-7+deb11u4_arm64.deb |
Debian | 11 | armhf | libgs-dev | < 9.53.3~dfsg-7+deb11u4 | libgs-dev_9.53.3~dfsg-7+deb11u4_armhf.deb |
Debian | 10 | armhf | ghostscript | < 9.27~dfsg-2+deb10u7 | ghostscript_9.27~dfsg-2+deb10u7_armhf.deb |
Debian | 11 | armhf | ghostscript-x-dbgsym | < 9.53.3~dfsg-7+deb11u4 | ghostscript-x-dbgsym_9.53.3~dfsg-7+deb11u4_armhf.deb |
Debian | 11 | amd64 | libgs9-dbgsym | < 9.53.3~dfsg-7+deb11u4 | libgs9-dbgsym_9.53.3~dfsg-7+deb11u4_amd64.deb |
Debian | 11 | all | libgs9-common | < 9.53.3~dfsg-7+deb11u4 | libgs9-common_9.53.3~dfsg-7+deb11u4_all.deb |
Debian | 10 | amd64 | ghostscript | < 9.27~dfsg-2+deb10u7 | ghostscript_9.27~dfsg-2+deb10u7_amd64.deb |
Debian | 11 | ppc64el | ghostscript-x | < 9.53.3~dfsg-7+deb11u4 | ghostscript-x_9.53.3~dfsg-7+deb11u4_ppc64el.deb |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.9%