PT-2023-5662 · Artifex+7 · Artifex Ghostscript+7
Published 2023-09-18 · Updated 2026-05-24 · CVE-2023-43115
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Artifex Ghostscript versions 10.01.2 and earlier
Description
The issue is related to the gdevijs.c component in GhostPDL, which can lead to remote code execution via crafted PostScript documents. This is because the documents can switch to the IJS device or change the IjsServer parameter after SAFER has been activated. It is a documented risk that the IJS server can be specified on a gs command line, as the IJS device must execute a command to start the IJS server.
Recommendations
For Artifex Ghostscript versions 10.01.2 and earlier, consider disabling the gdevijs.c component or restricting access to the IJS device to minimize the risk of exploitation. As a temporary workaround, avoid using the IjsServer parameter in crafted PostScript documents until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Artifex Ghostscript
Astra Linux
Linuxmint
Red Hat
Suse
Ubuntu
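To check a host running one of these products against the affected range and the IJS recommendation above, the following is an added example, not code from this advisory or from Artifex. It assumes `gs --version` prints a dotted version and that `gs -h` lists devices under an "Available devices:" heading; the function names and verdict strings are hypothetical.

```shell
# Added example (not Artifex code): exposure check for CVE-2023-43115.
LAST_AFFECTED="10.01.2"   # advisory: 10.01.2 and earlier are affected
# version_le A B: succeed if dotted version A <= B, fields compared as numbers
# ("01" equals "1"; a missing field counts as 0).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# has_ijs_device TEXT: succeed if "ijs" is listed under "Available devices:".
# Assumed layout: indented device names, list ended by the next unindented line.
has_ijs_device() {
    printf '%s\n' "$1" | awk '
        /^Available devices:/ { in_list = 1; next }
        /^[^ \t]/             { in_list = 0 }
        in_list { for (i = 1; i <= NF; i++) if ($i == "ijs") found = 1 }
        END { exit(found ? 0 : 1) }'
}

# assess VERSION HELP_TEXT: print one verdict word.
assess() {
    if ! version_le "$1" "$LAST_AFFECTED"; then
        echo "outside-affected-range"
    elif has_ijs_device "$2"; then
        echo "affected-ijs-available"
    else
        echo "affected-ijs-not-built"
    fi
}

# Constructed, abridged sample of `gs -h` output for hosts without gs.
SAMPLE_HELP='Usage: gs [switches] [file1.ps file2.ps ...]
Available devices:
   bbox bit cups ijs jpeg pdfwrite png16m txtwrite
Search path:
   /usr/share/ghostscript/10.01.2/Resource/Init'

if command -v gs >/dev/null 2>&1; then
    assess "$(gs --version)" "$(gs -h 2>&1)"
else
    assess "10.01.2" "$SAMPLE_HELP"
fi
```

A verdict of `affected-ijs-not-built` means the installed build is in the affected range but does not include the IJS device.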