ByteOS Network

NVD Vulnerability Details :

CVE-2023-28879

Modified

Source-cve@mitre.org

Published At-31 Mar, 2023 | 17:15

Updated At-14 Feb, 2025 | 20:15

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Artifex Software Inc.

>>ghostscript>>Versions before 10.01.0(exclusive)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>10.0

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>11.0

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-787	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-787

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://www.openwall.com/lists/oss-security/2023/04/12/4	cve@mitre.org	N/A
https://bugs.ghostscript.com/show_bug.cgi?id=706494	cve@mitre.org	Exploit Vendor Advisory
https://ghostscript.readthedocs.io/en/latest/News.html	cve@mitre.org	Release Notes
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179	cve@mitre.org	N/A
https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html	cve@mitre.org	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/	cve@mitre.org	N/A
https://security.gentoo.org/glsa/202309-03	cve@mitre.org	N/A
https://www.debian.org/security/2023/dsa-5383	cve@mitre.org	Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/04/12/4	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugs.ghostscript.com/show_bug.cgi?id=706494	af854a3a-2127-422b-91ae-364da2661108	Exploit Vendor Advisory
https://ghostscript.readthedocs.io/en/latest/News.html	af854a3a-2127-422b-91ae-364da2661108	Release Notes
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.gentoo.org/glsa/202309-03	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.debian.org/security/2023/dsa-5383	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory