PT-2023-2291 · Artifex+9 · Artifex Ghostscript+9
Hadrien +1 · Published 2023-03-31 · Updated 2024-06-15 · CVE-2023-28879
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Artifex Ghostscript versions through 10.01.0
Description
The issue is a buffer overflow in the PostScript interpreter, specifically affecting the BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode functions in base/sbcp.c. It occurs when the write buffer is filled to one byte less than full and an attempt is made to write an escaped character, which results in two bytes being written. Exploitation of this issue may allow a remote attacker to execute arbitrary code.
Recommendations
For Artifex Ghostscript versions through 10.01.0, update to version 10.01.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the affected functions BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode until a patch is available.
Exploit
Fix
Memory Corruption
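The off-by-one from the description, reduced to a small added C example. This is not Ghostscript's base/sbcp.c code; the escape marker, XOR mask, escaped-byte set and all function names are illustrative assumptions. The flawed encoder runs with a logical limit inside a larger array, so the single-byte overrun can be observed safely next to the corrected space check.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESC  0x01   /* escape marker: illustrative constant (assumption) */
#define MASK 0x40   /* XOR applied to an escaped byte (assumption) */

/* Constructed set of bytes that this toy encoding escapes. */
static int needs_escape(unsigned char c) { return c == 0x01 || c == 0x03 || c == 0x04; }

/* Flawed pattern: the loop guard proves room for ONE byte, the escape path writes TWO. */
static size_t encode_flawed(const unsigned char *in, size_t n, unsigned char *out, size_t cap) {
    size_t i = 0, o = 0;
    while (i < n && o < cap) {
        unsigned char c = in[i++];
        if (needs_escape(c)) { out[o++] = ESC; c ^= MASK; }
        out[o++] = c;                 /* second byte of an escape can land at out[cap] */
    }
    return o;                         /* bytes written, may exceed cap */
}

/* Hardened pattern: size the whole output unit first, stop if it does not fit. */
static size_t encode_checked(const unsigned char *in, size_t n, unsigned char *out, size_t cap) {
    size_t i = 0, o = 0;
    for (; i < n; i++) {
        unsigned char c = in[i];
        size_t need = needs_escape(c) ? 2 : 1;
        if (cap - o < need) break;    /* caller drains the buffer and resumes */
        if (need == 2) { out[o++] = ESC; c ^= MASK; }
        out[o++] = c;
    }
    return o;
}

/* Encodes constructed input with limit `cap` (at most 7) inside an 8-byte array
   and counts the bytes modified beyond that limit. */
static size_t bytes_past_limit(int hardened, size_t cap) {
    const unsigned char in[] = { 'A', 'B', 'C', 0x03 };   /* constructed input */
    unsigned char store[8];
    size_t past = 0, k;
    memset(store, 0xEE, sizeof store);                    /* guard pattern */
    (hardened ? encode_checked : encode_flawed)(in, sizeof in, store, cap);
    for (k = cap; k < sizeof store; k++) past += (store[k] != 0xEE);
    return past;
}

int main(void) {
    printf("flawed=%zu checked=%zu\n", bytes_past_limit(0, 4), bytes_past_limit(1, 4));
    return 0;
}
```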
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Artifex Ghostscript
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu