CVE-2023-38559

Name	CVE-2023-38559
Description	A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3519-1
Debian Bugs	1043033

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
ghostscript (PTS)	bullseye	9.53.3~dfsg-7+deb11u7	fixed
	bullseye (security)	9.53.3~dfsg-7+deb11u9	fixed
	bookworm	10.0.0~dfsg-11+deb12u5	fixed
	bookworm (security)	10.0.0~dfsg-11+deb12u6	fixed
	sid, trixie	10.04.0~dfsg-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
ghostscript	source	buster	9.27~dfsg-2+deb10u8	DLA-3519-1
ghostscript	source	bullseye	9.53.3~dfsg-7+deb11u6
ghostscript	source	bookworm	10.0.0~dfsg-11+deb12u2
ghostscript	source	(unstable)	10.02.0~dfsg-1		1043033

Notes

https://bugs.ghostscript.com/show_bug.cgi?id=706897
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f (ghostpdl-10.02.0rc1)