Wind River Support Network

HomeDefectsLIN1023-2142
Fixed

LIN1023-2142 : Security Advisory - ghostscript - CVE-2023-43115

Created: Sep 18, 2023    Updated: Nov 17, 2023
Resolved Date: Nov 17, 2023
Found In Version: 10.23.30.1
Fix Version: 10.23.30.3
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

CREATE(Triage):(User=admin) CVE-2023-43115 (https://nvd.nist.gov/vuln/detail/CVE-2023-43115)

CVEs

  • Linkedin
  • Facebook
  • Twitter
  • Youtube