Headline
CVE-2023-43115: Invalid Bug ID
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
‘707051?cve=title’ is not a valid bug number nor an alias to a bug.
Please press Back and try again.
Related news
Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Red Hat Security Advisory 2023-5868-01 - An update for ghostscript is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 6433-1 - It was discovered that Ghostscript incorrectly handled certain PDF documents. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code.