Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-38560

created 5 months, 3 weeks ago

Ghostscript: integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.

References

https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706898
RHBZ#2224368 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
https://bugs.ghostscript.com/show_bug.cgi?id=706898 x_transferred
RHBZ#2224368 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c x_transferred
https://access.redhat.com/security/cve/CVE-2023-38560 x_refsource_REDHAT vdb-entry x_transferred

Affected products

ghostscript

gimp:flatpak/ghostscript

Matching in nixpkgs

pkgs.ghostscriptX

PostScript interpreter (mainline version)

nixos-unstable -
- nixpkgs-unstable 10.05.1

pkgs.ghostscript_headless

PostScript interpreter (mainline version)

nixos-unstable -
- nixpkgs-unstable 10.05.1

pkgs.python312Packages.ghostscript

Interface to the Ghostscript C-API using ctypes

nixos-unstable -
- nixpkgs-unstable 0.7

pkgs.python313Packages.ghostscript

Interface to the Ghostscript C-API using ctypes

nixos-unstable -
- nixpkgs-unstable 0.7

pkgs.tests.texlive.dvipng.ghostscript

None

nixos-unstable -
- nixpkgs-unstable

pkgs.haskellPackages.ghostscript-parallel

Let Ghostscript render pages in parallel

nixos-unstable -
- nixpkgs-unstable 0.0.1

Package maintainers

@tobim Tobias Mayer <nix@tobim.fastmail.fm>
@flokli Florian Klink <flokli@flokli.de>

Suggestion detail