Headline
Debian Security Advisory 5383-1
Debian Linux Security Advisory 5383-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the (T)BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed (despite the -dSAFER sandbox being enabled).
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5383-1 [email protected]://www.debian.org/security/ Salvatore BonaccorsoApril 05, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : ghostscriptCVE ID : CVE-2023-28879Debian Bug : 1033757It was discovered that Ghostscript, the GPL PostScript/PDF interpreter,is prone to a buffer overflow vulnerability in the (T)BCP encodingfilters, which could result in the execution of arbitrary code ifmalformed document files are processed (despite the -dSAFER sandboxbeing enabled).For the stable distribution (bullseye), this problem has been fixed inversion 9.53.3~dfsg-7+deb11u4.We recommend that you upgrade your ghostscript packages.For the detailed security status of ghostscript please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ghostscriptFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQt3rNfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SoRRAAiGi3uTGuwMOc2Nh6RAqZ+vUewF+B0NUkGFAI0SJCaD5J8ka0qLDoG9pNzm5hotukboDIkG+r6jYE0BpGGReQNtstsmQfFUc8HWbe7wyTNv+r8HADU9Cfe44RJd1yVokt4opHU16D+OJC4Ffdm0iQt6iW1Ua2MbftJH7IF1c+fL7wST45WZz6z6dlac0cRPHn17JMH9oH0fsR+A2dBrCIIVdAQT2Rb1y9WpzAALZ92PfNA0DsCqytkaod6Xxd8lYGVd46nFz8gcpGi6JSrGxnegTlc4QWkTF5Xvn1hTyzN4ciWHhzzvE1IzWinFUtELH3/1vbhcyGRFSjjzcfSZhkYqnAFeA28skgTaNV4W8M3RxvPSSd6ElcUvJEqX1Sk3o6q4fKLS42bnNAlB54FsJGsoue4ihn+1gOwp6bVTHmyOPAWbdZeVWrCfllsA3JyGTcGw8pkDxxXfYJk+QnFtH6h+X5/tBXL2iXxpKTd1i65ZGnEQF5VRR9WE4Mx/afmsE7az6MS6m6GffiH9dyp+zRPKnvPMWdABatNYXPDUpl4ciFQC3BcU7lcJ7b56nvAycgRRiAcAMO8q88jDAN9TABrAupW/Z9psa27ANGp4qpdJ9mIpeQI+T1bfAwJjtlKgN6zU63Ij8CiZeVEWbMAm5McRldbC3jiWYv2W/RSOmL7So=ZcFg-----END PGP SIGNATURE-----
Related news
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Gentoo Linux Security Advisory 202309-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution. Versions greater than or equal to 10.01.2 are affected.
Ubuntu Security Notice 6017-2 - USN-6017-1 fixed vulnerabilities in Ghostscript. This update provides the corresponding updates for Ubuntu 23.04. Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 6017-1 - Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.