Unrated severityNVD Advisory· Published Mar 31, 2023· Updated Feb 14, 2025

CVE-2023-28879

Description

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Affected products

Artifex/Ghostscriptcpe-rescue
osv-coords35 versions
pkg:rpm/almalinux/ghostscript pkg:rpm/almalinux/ghostscript-doc pkg:rpm/almalinux/ghostscript-tools-dvipdf pkg:rpm/almalinux/ghostscript-tools-fonts pkg:rpm/almalinux/ghostscript-tools-printing pkg:rpm/almalinux/ghostscript-x11 pkg:rpm/almalinux/libgs pkg:rpm/almalinux/libgs-devel pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/ghostscript&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/ghostscript&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/ghostscript&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ghostscript&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 9.54.0-13.el9+ 34 more
- (no CPE)range: < 9.54.0-13.el9
- (no CPE)range: < 9.54.0-13.el9
- (no CPE)range: < 9.54.0-13.el9
- (no CPE)range: < 9.54.0-13.el9
- (no CPE)range: < 9.54.0-13.el9
- (no CPE)range: < 9.54.0-13.el9
- (no CPE)range: < 9.54.0-13.el9
- (no CPE)range: < 9.54.0-13.el9
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.56.1-2.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-23.51.1
- (no CPE)range: < 9.52-23.51.1
- (no CPE)range: < 9.52-23.51.1
- (no CPE)range: < 9.52-23.51.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-23.51.1
- (no CPE)range: < 9.52-23.51.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-23.51.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-150000.164.1
- (no CPE)range: < 9.52-23.51.1
- (no CPE)range: < 9.52-23.51.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/mitrevendor-advisory
security.gentoo.org/glsa/202309-03mitrevendor-advisory
www.debian.org/security/2023/dsa-5383mitrevendor-advisory
www.openwall.com/lists/oss-security/2023/04/12/4mitremailing-list
lists.debian.org/debian-lts-announce/2023/04/msg00003.htmlmitremailing-list
bugs.ghostscript.com/show_bug.cgimitre
ghostscript.readthedocs.io/en/latest/News.htmlmitre
git.ghostscript.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000