CVE-2023-52722

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions prior to 10.03.1

Description The issue is related to the incorrect input validation in the psi/zmisc1.c file of the Artifex Ghostscript software. This can allow a remote attacker to execute arbitrary code. The problem occurs when SAFER mode is used, allowing eexec seeds other than the Type 1 standard.

Recommendations

Update Artifex Ghostscript to version 10.03.1 immediately to address the issue.
Audit systems to ensure no unauthorized access or file modifications have occurred.
If Artifex Ghostscript is used in web services, ensure that these services are also updated.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2024-13477

ALT-PU-2024-14136

ALT-PU-2024-14302

BDU:2024-07479

CVE-2023-52722

DSA-5692-1

MGASA-2024-0180

OESA-2024-2176

OESA-2024-2178

OPENSUSE-SU-2024:14090-1

OPENSUSE-SU-2024_1590-1

OPENSUSE-SU-2024_1590-2

SUSE-SU-2024:1568-1

SUSE-SU-2024:1590-1

SUSE-SU-2024:1590-2

SUSE-SU-2024_1568-1

SUSE-SU-2024_1590-1

SUSE-SU-2024_1590-2

USN-6835-1

Affected Products

Alt Linux

Artifex Ghostscript

Astra Linux

Linuxmint

Red Os

Suse

Ubuntu

CVE-2023-52722

Weakness Enumeration

Related Identifiers

Affected Products

References · 62