Lucene search

Veracode Vulnerability DatabaseVERACODE:43592

HistoryOct 08, 2023 - 3:59 p.m.

Denial Of Service (DoS)

2023-10-0815:59:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

ghostscript

vulnerability

plfont.c

pcl file

pdf conversion

integer overflow

denial of service

dos

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.5%

JSON

ghostscript is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the integer overflow in the pl_glyph_name of plfont.c, which allows an attacker to cause an application by transforming a maliciously crafted PCL file to PDF format

CPENameOperatorVersion
ghostscript:sideq9.53.3~dfsg-5
ghostscript:sideq9.53.3~dfsg-5

CPE	Name	Operator	Version
	ghostscript:sid	eq	9.53.3~dfsg-5
	ghostscript:sid	eq	9.53.3~dfsg-5

References

access.redhat.com/security/cve/CVE-2023-38560

bugs.ghostscript.com/show_bug.cgi?id=706898

bugzilla.redhat.com/show_bug.cgi?id=2224368

git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c

security-tracker.debian.org/tracker/CVE-2023-38560

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.5%

JSON

Related for VERACODE:43592