Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664) A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. (CVE-2023-38559)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | ghostscript | < 9.53.3-2.6 | ghostscript-9.53.3-2.6.mga8 |
Mageia | 9 | noarch | ghostscript | < 10.00.0-6.2 | ghostscript-10.00.0-6.2.mga9 |