CVE-2023-4042: Ghostscript: incomplete fix for cve-2020-16305
First published: Tue Aug 01 2023(Updated: )
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Ghostscript | <9.51 | |
| Redhat Enterprise Linux | =8.0 | |
| redhat/ghostscript | <9.51 | 9.51 |
| Redhat Codeready Linux Builder | =8.0 | |
| Redhat Codeready Linux Builder For Arm64 | =8.0_aarch64 | |
| Redhat Codeready Linux Builder For Ibm Z Systems | =8.0_s390x | |
| Redhat Codeready Linux Builder For Power Little Endian | =8.0_ppc64le | |
| Redhat Enterprise Linux For Arm 64 | =8.0_aarch64 | |
| Redhat Enterprise Linux For Ibm Z Systems | =8.0_s390x | |
| Redhat Enterprise Linux For Power Little Endian | =8.0_ppc64le |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw in ghostscript?
The vulnerability ID for this flaw in ghostscript is CVE-2023-4042.
What is the severity of CVE-2023-4042?
The severity of CVE-2023-4042 is medium with a CVSS score of 5.5.
Which version of ghostscript is affected by CVE-2023-4042?
The version affected by CVE-2023-4042 is up to exclusive 9.51.
What is the affected software for CVE-2023-4042?
The affected software for CVE-2023-4042 is ghostscript package as shipped with Red Hat Enterprise Linux 8.
How can I fix CVE-2023-4042?
To fix CVE-2023-4042, update to ghostscript version 9.51 or later.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/title
- agent/severity
- agent/description
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-4042
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- vendor/artifex
- canonical/artifex ghostscript
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- package-manager/redhat
- canonical/redhat codeready linux builder
- version/redhat codeready linux builder/8.0
- canonical/redhat codeready linux builder for arm64
- version/redhat codeready linux builder for arm64/8.0_aarch64
- canonical/redhat codeready linux builder for ibm z systems
- version/redhat codeready linux builder for ibm z systems/8.0_s390x
- canonical/redhat codeready linux builder for power little endian
- version/redhat codeready linux builder for power little endian/8.0_ppc64le
- canonical/redhat enterprise linux for arm 64
- version/redhat enterprise linux for arm 64/8.0_aarch64
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/8.0_s390x
- canonical/redhat enterprise linux for power little endian
- version/redhat enterprise linux for power little endian/8.0_ppc64le