First published: Tue Oct 17 2023(Updated: )
It was discovered that Ghostscript incorrectly handled certain PDF documents. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/ghostscript | <10.01.2~dfsg1-0ubuntu2.1 | 10.01.2~dfsg1-0ubuntu2.1 |
Ubuntu Ubuntu | =23.10 | |
All of | ||
ubuntu/ghostscript | <10.0.0~dfsg1-0ubuntu1.4 | 10.0.0~dfsg1-0ubuntu1.4 |
Ubuntu Ubuntu | =23.04 | |
All of | ||
ubuntu/ghostscript | <9.55.0~dfsg1-0ubuntu5.5 | 9.55.0~dfsg1-0ubuntu5.5 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/ghostscript | <9.50~dfsg-5ubuntu4.11 | 9.50~dfsg-5ubuntu4.11 |
Ubuntu Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Ghostscript vulnerability is USN-6433-1.
If a user or automated system opens a specially crafted PDF file, a remote attacker could execute arbitrary code.
The versions 10.01.2~dfsg1-0ubuntu2.1, 10.0.0~dfsg1-0ubuntu1.4, 9.55.0~dfsg1-0ubuntu5.5, and 9.50~dfsg-5ubuntu4.11 of Ghostscript are affected.
You can fix the Ghostscript vulnerability by updating the Ghostscript package to version 10.01.2~dfsg1-0ubuntu2.1 (for Ubuntu 23.10), 10.0.0~dfsg1-0ubuntu1.4 (for Ubuntu 23.04), 9.55.0~dfsg1-0ubuntu5.5 (for Ubuntu 22.04), or 9.50~dfsg-5ubuntu4.11 (for Ubuntu 20.04).
You can find more information about this Ghostscript vulnerability at the following references: [https://ubuntu.com/security/CVE-2023-43115](https://ubuntu.com/security/CVE-2023-43115), [https://launchpad.net/ubuntu/+source/ghostscript/10.01.2~dfsg1-0ubuntu2.1](https://launchpad.net/ubuntu/+source/ghostscript/10.01.2~dfsg1-0ubuntu2.1), [https://launchpad.net/ubuntu/+source/ghostscript/10.0.0~dfsg1-0ubuntu1.4](https://launchpad.net/ubuntu/+source/ghostscript/10.0.0~dfsg1-0ubuntu1.4).