CVE-2023-43115
CVE-2023-43115 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). EPSS estimates a 5.91% chance of exploitation in the next 30 days.
Description
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Artifex | Ghostscript | <= 10.01.2 |
| Fedoraproject | Fedora | 38 |
| Fedoraproject | Fedora | 39 |
References
- https://bugs.ghostscript.com/show_bug.cgi?id=707051 (Permissions Required)
- https://ghostscript.com/ (Product)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
