CVE-2023-46751: Use After Free
First published: Wed Dec 06 2023(Updated: )
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Ghostscript | <=10.02.0 | |
| ubuntu/ghostscript | <9.55.0~dfsg1-0ubuntu5.6 | 9.55.0~dfsg1-0ubuntu5.6 |
| ubuntu/ghostscript | <10.0.0~dfsg1-0ubuntu1.5 | 10.0.0~dfsg1-0ubuntu1.5 |
| ubuntu/ghostscript | <10.01.2~dfsg1-0ubuntu2.2 | 10.01.2~dfsg1-0ubuntu2.2 |
| ubuntu/ghostscript | <10.02.1~dfsg-1 | 10.02.1~dfsg-1 |
| debian/ghostscript | 9.27~dfsg-2+deb10u5 9.27~dfsg-2+deb10u9 9.53.3~dfsg-7+deb11u6 9.53.3~dfsg-7+deb11u5 10.0.0~dfsg-11+deb12u3 10.02.1~dfsg-3 |
Remedy
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=dcdbc595c13c9d11d235702dff46bb74c80f7698
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.ghostscript.com/show_bug.cgi?id=707264
- https://ghostscript.com/
- https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=dcdbc595c13c9d11d235702dff46bb74c80f7698
- https://www.debian.org/security/2023/dsa-5578
- https://launchpad.net/bugs/cve/CVE-2023-46751
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=dcdbc595c13c9d11d235702dff46bb74c80f7698
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e1a3956f252404f07d93be47f7845b23e4a2c4de
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13c9d11d235702dff46bb74c80f7698
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d2da96e81c7455338302c71a291088a8396245a
- https://security-tracker.debian.org/tracker/CVE-2023-46751
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46751
- https://ubuntu.com/security/notices/USN-6551-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-46751
- https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a (10.02.1)
- https://ubuntu.com/security/CVE-2023-46751
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-46751.
What is the title of the vulnerability?
The title of the vulnerability is 'An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.'
What is the affected software?
The affected software is Artifex Ghostscript version up to and including 10.02.0.
What is the severity of the vulnerability?
The severity of the vulnerability is high with a CVSS score of 7.5.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update to a version of Artifex Ghostscript that is not affected.
- collector/nvd-api
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/trending
- vendor/artifex
- canonical/artifex ghostscript
- version/artifex ghostscript/10.02.0
- package-manager/ubuntu
- package-manager/debian