Source: ghostscript
Version: 10.01.2~dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706897
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 10.0.0~dfsg-11+deb12u1
Control: found -1 10.0.0~dfsg-11
Control: found -1 9.53.3~dfsg-7+deb11u5
Control: found -1 9.53.3~dfsg-7

Hi,

The following vulnerability was published for ghostscript.

CVE-2023-38559[0]:
| A buffer overflow flaw was found in base/gdevdevn.c:1973 in
| devn_pcx_write_rle() in ghostscript. This issue may allow a local
| attacker to cause a denial of service via outputting a crafted PDF
| file for a DEVN device with gs.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38559
    https://www.cve.org/CVERecord?id=CVE-2023-38559
[1] https://bugs.ghostscript.com/show_bug.cgi?id=706897 (private)
[2] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f

Regards,
Salvatore