REDHAT-BUG-2241108
First published: Thu Sep 28 2023(Updated: )
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. References: <a href="https://bugs.ghostscript.com/show_bug.cgi?id=707051">https://bugs.ghostscript.com/show_bug.cgi?id=707051</a> <a href="https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5">https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5</a> <a href="https://ghostscript.com/">https://ghostscript.com/</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ghostscript | <=10.01.2 | |
| Artifex GhostPDL | <=10.01.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.ghostscript.com/show_bug.cgi?id=707051
- https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
- https://ghostscript.com/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2241112
- https://twitter.com/RedTeamPT/status/1712379361146318896
- https://twitter.com/RedTeamPT/status/1712379364136964411
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2241108#c4
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-66d60c3df7
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-c2665a9ff3
- https://pagure.io/fedora-qa/blocker-review/issue/1408
- https://access.redhat.com/errata/RHSA-2023:5868
- https://access.redhat.com/errata/RHSA-2023:6265
- https://access.redhat.com/errata/RHSA-2023:6732
- https://bugzilla.redhat.com/show_bug.cgi?id=2241108
Frequently Asked Questions
What is the severity of REDHAT-BUG-2241108?
The severity of REDHAT-BUG-2241108 is critical due to its potential for remote code execution.
How do I fix REDHAT-BUG-2241108?
To fix REDHAT-BUG-2241108, update Artifex Ghostscript and GhostPDL to versions higher than 10.01.2.
What vulnerable products are affected by REDHAT-BUG-2241108?
Artifex Ghostscript and GhostPDL versions up to and including 10.01.2 are affected by REDHAT-BUG-2241108.
What type of attack does REDHAT-BUG-2241108 allow?
REDHAT-BUG-2241108 allows an attacker to execute remote code via specially crafted PostScript documents.
Is REDHAT-BUG-2241108 related to a specific functionality in Ghostscript?
Yes, REDHAT-BUG-2241108 is related to the IJS device functionality and its interaction with the SAFER security model.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-43115
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/artifex
- canonical/ghostscript
- canonical/artifex ghostpdl