Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-38559

created 5 months, 3 weeks ago

Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

References

RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry
https://bugs.ghostscript.com/show_bug.cgi?id=706897
RHBZ#2224367 issue-tracking x_refsource_REDHAT
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
RHSA-2023:6544 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:7053 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-38559 x_refsource_REDHAT vdb-entry x_transferred
https://bugs.ghostscript.com/show_bug.cgi?id=706897 x_transferred
RHBZ#2224367 issue-tracking x_refsource_REDHAT x_transferred
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/ x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/ x_transferred

Affected products

ghostscript

gimp:flatpak/ghostscript

Matching in nixpkgs

pkgs.ghostscriptX

PostScript interpreter (mainline version)

nixos-unstable -
- nixpkgs-unstable 10.05.1

pkgs.ghostscript_headless

PostScript interpreter (mainline version)

nixos-unstable -
- nixpkgs-unstable 10.05.1

pkgs.python312Packages.ghostscript

Interface to the Ghostscript C-API using ctypes

nixos-unstable -
- nixpkgs-unstable 0.7

pkgs.python313Packages.ghostscript

Interface to the Ghostscript C-API using ctypes

nixos-unstable -
- nixpkgs-unstable 0.7

pkgs.tests.texlive.dvipng.ghostscript

None

nixos-unstable -
- nixpkgs-unstable

pkgs.haskellPackages.ghostscript-parallel

Let Ghostscript render pages in parallel

nixos-unstable -
- nixpkgs-unstable 0.0.1

Package maintainers

@tobim Tobias Mayer <nix@tobim.fastmail.fm>
@flokli Florian Klink <flokli@flokli.de>

Suggestion detail