| Name | CVE-2023-28879 |
| Description | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3381-1, DSA-5383-1 |
| Debian Bugs | 1033757 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| ghostscript (PTS) | buster | 9.27~dfsg-2+deb10u5 | vulnerable |
| buster (security) | 9.27~dfsg-2+deb10u9 | fixed | |
| bullseye | 9.53.3~dfsg-7+deb11u6 | fixed | |
| bullseye (security) | 9.53.3~dfsg-7+deb11u5 | fixed | |
| bookworm, bookworm (security) | 10.0.0~dfsg-11+deb12u3 | fixed | |
| trixie | 10.02.1~dfsg-3 | fixed | |
| sid | 10.03.0~dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ghostscript | source | buster | 9.27~dfsg-2+deb10u7 | DLA-3381-1 | ||
| ghostscript | source | bullseye | 9.53.3~dfsg-7+deb11u4 | DSA-5383-1 | ||
| ghostscript | source | (unstable) | 10.0.0~dfsg-11 | 1033757 |
https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)
Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
Future hardening/potentially intrusive impact for older versions (and should not be applied for
older versions):
https://git.ghostscript.com/?p=ghostpdl.git;h=3635f4c75e54e337a4eebcf6db3eef0e60f9cebf
https://www.openwall.com/lists/oss-security/2023/04/12/4
https://offsec.almond.consulting/ghostscript-cve-2023-28879.html