Home > Vulnerability Database > CVE-2023-28879

Mend.io Vulnerability Database

CVE-2023-28879

Good to know:

Date: March 30, 2023

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Language: C

Severity Score

9.8

Related Resources (18)

Url: https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179

Url: https://www.debian.org/security/2023/dsa-5383

Url: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=37ed5022cecd584de868933b5b60da2e995b3179

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/

Url: https://ghostscript.readthedocs.io/en/latest/News.html

Url: http://www.openwall.com/lists/oss-security/2023/04/12/4

Url: https://bugs.ghostscript.com/show_bug.cgi?id=706494

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/

Url: https://security-tracker.debian.org/tracker/CVE-2023-28879

Url: https://security.gentoo.org/glsa/202309-03

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28879

Url: https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/

Url: https://access.redhat.com/security/cve/CVE-2023-28879

Url: https://www.mend.io/vulnerability-database/CVE-2023-28879

Severity Score

9.8

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version ghostpdl-10.01.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28879

Good to know:

Date: March 30, 2023

Language: C

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?